WO2022134089A1

WO2022134089A1 - Method and apparatus for generating security context, and computer-readable storage medium

Info

Publication number: WO2022134089A1
Application number: PCT/CN2020/139666
Authority: WO
Inventors: 胡力; 吴�荣
Original assignee: 华为技术有限公司
Priority date: 2020-12-25
Filing date: 2020-12-25
Publication date: 2022-06-30
Also published as: EP4262258A4; CN116601985A; EP4262258A1; US20230337002A1

Abstract

Disclosed in embodiments of the present invention are a method and apparatus for generating a security context, and a computer-readable storage medium. The method comprises: a terminal device acquiring a first security context, wherein the first security context is used for protecting a first communication service of the terminal device; the terminal device sending a session request message to a session management function network element, wherein the session request message is used for requesting the establishment of a session of a second communication service, and the second communication service is different from the first communication service; the terminal device receiving a session acceptance message from the session management function network element, wherein the session acceptance message is used for completing the establishment of the session of the second communication service; the terminal device acquiring an extra generation indication; and the terminal device acquiring a second security context according to the extra generation indication, wherein the second security context is used for protecting the second communication service. By means of the embodiments of the present invention, different communication services are protected by means of different security contexts, so that the security of the communication services can be improved.

Description

A security context generation method, device and computer-readable storage medium

technical field

The embodiments of the present application relate to the field of communications technologies, and in particular, to a method, an apparatus, and a computer-readable storage medium for generating a security context.

Background technique

A public network is a communication network constructed by network service providers for public users. In order to meet the needs of some individuals, enterprises, companies and other users for network resources, the operator allocates network resources that can be divided into parts for these users, and the divided network resources form a private network. The private network formed at this time can be called a public network integrated non-public network (PNI-NPN). In PNI-NPN, user equipment (UE) can be connected to public network services performed by public land mobile network (PLMN), and can also be connected to non-public network/private network (non-public network, NPN). ) to handle private network services. Currently, a UE can be connected to the same radio access network (RAN) to perform public network services and private network services at the same time. At this time, the public network services and private network services communicate using the same set of security contexts. When an attacker deciphers the security context used by the public network service, the security context corresponding to the private network service is obtained. Conversely, when the attacker obtains the algorithm used by the private network service, he also obtains the security context corresponding to the public network service. Therefore, security attacks on public network services or private network services may affect the corresponding private network services or public network services, thereby reducing the security of communication services.

SUMMARY OF THE INVENTION

Embodiments of the present invention disclose a method, device and computer-readable storage medium for generating a security context, which are used to improve the security of communication services.

A first aspect discloses a method for generating a security context. The method for generating a security context can be applied to a terminal device, and can also be applied to a module (eg, a chip) in the terminal device. The following describes the terminal device as an example. The security context generation method may include: the terminal device obtains a first security context, where the first security context is used to protect the first communication service of the terminal device; the terminal device sends a session request message to a session management function network element, The session request message is used to request the establishment of a session for a second communication service, and the second communication service is different from the first communication service; the terminal device receives a session acceptance message from the session management function network element, and the second communication service is different from the first communication service. The session acceptance message is used to complete the establishment of the session for the second communication service; the terminal device obtains an additional generation instruction; the terminal device obtains a second security context according to the additional generation instruction, and the second security context is used for The second communication service is protected.

In this embodiment of the present application, the terminal device may further acquire the second security context on the basis of acquiring the first security context. The first security context and the second security context can respectively protect different communication services. Thereby, the protection of different services can be isolated to prevent that when one of the communication services is attacked, the other communication service is affected, thereby improving the security of the communication services.

As a possible implementation manner, the session request message includes first indication information, where the first indication information is used to indicate that the terminal device supports generating the second security context.

In this embodiment of the present application, when the session request message includes the first indication information, the session management function network element can directly determine the second security context according to the indication information, which can reduce the processing process of the session management function network element, thereby improving the second security context. Generation efficiency of security context.

As a possible implementation manner, acquiring, by the terminal device, the second security context according to the additional generation instruction includes: acquiring, by the terminal device, a security key based on the first key according to the additional generation instruction; and/or The terminal device acquires a security algorithm according to the additional generation instruction.

In this embodiment of the present application, the security context may include a security key and/or a security algorithm. The security context can perform encryption protection and integrity protection on data, so as to ensure the security and reliability of data in communication services.

As a possible implementation manner, the terminal device acquiring the security key based on the first key according to the additional generation instruction includes: the terminal device obtaining the security key based on the first security context according to the additional generation instruction An access stratum (access stratum, AS) root key obtains the first key; the terminal device generates the security key according to the first key.

In this embodiment of the present application, when the terminal device generates the security key, the first key may be generated by generating the AS root key of the first security context. Since the AS root key is known and does not need to be generated, the process of generating the second security context can be reduced, thereby improving the efficiency of generating the second security context.

As a possible implementation manner, the additional generation instruction includes an indication of a first derivative parameter, and the terminal device obtains the first secret key based on the AS root key of the first security context according to the additional generation instruction The key includes: the terminal device generates the first key according to the AS root key of the first security context and the first derivative parameter.

In this embodiment of the present application, since the first key is generated according to the first derivative parameter, and the first derivative parameter is different, the generated key is different, therefore, it can be prevented that the security key included in the second security context and the first security context include The same security key can ensure that different communication services use different security contexts, thereby ensuring the effectiveness of security isolation and improving the security of communication services.

As a possible implementation manner, the first derivative parameter is a downlink packet data convergence protocol (packet data convergence potocol, PDCP) number COUNT, and the indication of the first derivative parameter is part of the bits of the downlink PDCP COUNT.

In the embodiment of the present application, when the first derivative parameter is the downlink PDCP COUNT, as the number of times of generating the security context is constantly changing, the corresponding COUNT value may change accordingly. The change of the COUNT value can prevent the generated first keys from being the same, so that the generated security keys can be prevented from being the same, so that the generated security contexts can be guaranteed to be different. Different security contexts are used to protect different communication services, which can ensure the effectiveness of security isolation of communication services, thereby improving the security of communication services.

As a possible implementation manner, after the terminal device sends the session request message to the session management function network element, and before the terminal device receives the additional generation instruction, the security context generation method further includes: The terminal device performs secondary authentication; the terminal device generates a secondary authentication key in the process of performing the secondary authentication; the terminal device obtains a security key based on the first key according to the additional generation instruction, The method includes: obtaining, by the terminal device, the first key based on the secondary authentication key according to the additional generation instruction; and generating, by the terminal device, a security key according to the first key.

In this embodiment of the present application, the terminal device may perform secondary authentication, and then generate the first key through the authentication key obtained by the secondary authentication. Since the first keys generated by different authentication keys are different, the security keys included in the second security context generated by using the first keys are also different from the security keys included in the first security context, so that the generated security can be guaranteed. The context is different. Different security contexts are used to protect different communication services, which can ensure the effectiveness of security isolation of communication services, thereby improving the security of communication services.

As a possible implementation manner, the additional generation instruction includes an indication of a second derivative parameter, and the terminal device obtains the first key based on the secondary authentication key according to the additional generation instruction, including: The terminal device generates the first key based on the secondary authentication key and the second derivative parameter according to the indication of the second derivative parameter.

In this embodiment of the present application, the terminal device may generate the first key according to the second derivative parameter. Since the second derivative parameter is different, the generated first key is different. Therefore, it is possible to prevent the generated second security context from including the same security key as the first security context, to ensure that the security contexts used by different communication services are different, to ensure the effectiveness of security isolation, and to improve communication services. security.

As a possible implementation manner, the second derived parameter is one or more of the following parameters: downlink non-access stratum (non-access stratum, NAS) number COUNT, protocol data unit (protocol data unit, PDU) Session (session) identity document (ID), network slice selection assistance information (NSSAI) and data network name (DNN).

In the embodiment of the present application, when the NAS COUNT is used as a parameter for deriving the first key, since the value of the deduced COUNT will change each time, the derived first keys may be different. When the PDU session ID, NSSAI or DNN are used as the parameters for deriving the first key, the derived first keys may also be different due to differences in the PDU session of the terminal device, the access slice and the data network. Different first keys can generate different security keys, and different security keys can ensure that the generated security contexts are different. Different security contexts can be used to protect different communication services, which can ensure the effectiveness of security isolation of communication services, thereby improving the security of communication services.

As a possible implementation manner, the generating, by the terminal device, the security key according to the first key includes: generating, by the terminal device, the security key according to the first key and a third derivative parameter. .

In this embodiment of the present application, the terminal device may generate the security key according to the first key and the third derived parameter. Since the generated security keys are different due to different third derived parameters, it can be avoided that the generated security keys are the same as the existing security keys, so that the generated security contexts can be guaranteed to be different. By protecting different communication services through different security contexts, the effectiveness of security isolation of communication services can be ensured, thereby improving the security of communication services.

As a possible implementation manner, the additional generation instruction includes an identifier of the security algorithm, and the terminal device generates the security key according to the first key and the third derived parameter, including: the terminal device The security key is generated based on the first key and the identity and type of the security algorithm.

In this embodiment of the present application, since the type and length of the security key in the second security context are determined, the security key can be determined by the identifier and type of the corresponding security algorithm, thereby ensuring the validity of the generated security key. sex.

As a possible implementation manner, the additional generation indication includes the identification of the security algorithm.

In the embodiment of the present application, after the terminal device obtains the identifier of the security algorithm, it can directly determine the security algorithm according to the identifier, thereby ensuring the consistency of the security algorithm generated by the terminal device and the data transmission network element, and reducing the process of determining the security algorithm by the terminal device. And can improve the generation efficiency of the security context.

As a possible implementation manner, when the first communication service is a public network service, the second communication service is a private network service; when the first communication service is a private network service, the second communication service The business is public network business.

In the embodiment of the present application, the first communication service and the second communication service are different communication services. In the case where one communication service is a private network service, the other communication service is a public network service, which can ensure that different communication services use different services. It can ensure the security isolation between public network services and private network services, thereby improving the security of public network services and private network services.

A second aspect discloses a security context generation method. The security context generation method can be applied to a session management function network element, and can also be applied to a module (for example, a chip) in a session management function network element. The session management function network element is hereinafter referred to as the session management function network element. Take an example to illustrate. The security context generation method may include: the session management function network element receives a session request message from the terminal device, where the session request message is used to request the establishment of a session of the second communication service; the session management function network element sends a data transmission network element to the sending an additional security context indication, where the additional security context indication is used to instruct the generation of a second security context, where the second security context is used to protect the second communication service; the session management function network element sends to the terminal device A session accept message, where the session accept message is used to complete the establishment of the session of the second communication service.

In this embodiment of the present application, after receiving the session request message, the network element of the session management function may respond to the request for generating the second security context. The session management function network element sends an additional security context indication, and the data transmission network element may generate a second security context according to the additional security context. The session management function network element can coordinate the terminal device and the data transmission network element to generate the second security context, so as to ensure the generation of the second security context.

As a possible implementation manner, the session request message includes first indication information, where the first indication information is used to instruct the terminal device to support generating the second security context, and the session management function network element reports to the data transmission network sending an additional security context indication by the element, including: when the first indication information indicates that the terminal device supports generating the second security context, the session management function network element sends the additional security context to the data transmission network element contextual indication.

In the embodiment of the present application, when the session request message includes the first indication information, the session management function network element can directly determine to generate the second security context according to the indication information, which can reduce the processing process of the session management function network element, thereby improving the first security context. Second, the generation efficiency of the security context.

As a possible implementation manner, the session management function network element sending an additional security context indication to the data transmission network element includes: the session management function network element obtains the subscription information of the terminal device according to the session request message; When the subscription information of the terminal device indicates that the second security context needs to be generated, the session management function network element sends the additional security context indication to the data transmission network element.

In this embodiment of the present application, the network element of the session management function may also determine whether to send an additional security context indication according to the subscription information, and the session request message may not carry the indication information for determining whether to generate the second security context, thereby reducing information transmission and Save communication resources.

As a possible implementation manner, the session management function network element sends an additional security context indication to the data transmission network element, including: when the local policy configured by the session management function network element indicates that the second security context needs to be generated , the session management function network element sends the additional security context indication to the data transmission network element.

In this embodiment of the present application, the session management function network element may determine whether to send an additional security context indication according to a local policy. In this case, the session request message may not carry the indication information for determining whether to generate the second security context, thereby reducing information transmission. and save communication resources.

As a possible implementation manner, the additional security context indication includes an identifier of a security algorithm, and the method further includes: acquiring the security algorithm by the session management function network element.

In the embodiment of the present application, after the session management function network element can determine the security algorithm, the terminal device and the data transmission network element can receive the identification of the security algorithm determined by the session management function network element, and the terminal device and the data transmission network element can directly determine the security algorithm according to the identification The security algorithm is determined, so that the process of determining the security algorithm by the terminal device and the data transmission network element can be reduced and processing resources can be saved, so that the generation efficiency of the security context can be improved.

As a possible implementation manner, the additional security context indication includes a first key, and the method further includes: the session management function network element triggers secondary authentication; after the secondary authentication is successful, the session management The functional network element receives the secondary authentication key from the authentication, authorization and accounting network element; the session management functional network element obtains the first key according to the secondary authentication key.

In the embodiment of the present application, the session management function network element may trigger the secondary authentication to obtain the authentication key, and then generate the first key by using the secondary authentication authentication key. Since the first keys generated by different authentication keys are different, the security keys included in the second security context generated by using the first keys are also different from the security keys included in the first security context, so that the generated security can be guaranteed. The context is different. Different security contexts are used to protect different communication services, which can ensure the effectiveness of security isolation of communication services, thereby improving the security of communication services.

As a possible implementation manner, obtaining the first key by the session management function network element according to the secondary authentication key includes: the session management function network element obtains the first key according to the secondary authentication key and the second authentication key. The derived parameter obtains the first key.

In this embodiment of the present application, the session management network element may generate the first key according to the second derivative parameter, and the generated first key is different due to the difference of the second derivative parameter. Therefore, it can be prevented that the security key included in the generated second security context is the same as the security key included in the first security context, and it can be ensured that the security contexts used by different communication services are different. The effectiveness of security isolation can be guaranteed, thereby improving the security of communication services.

As a possible implementation manner, the second derived parameter is one or more of the following parameters: downlink NAS COUNT, PDU session ID, NSSAI, and DNN.

In the embodiment of the present application, when the NAS COUNT is used as a parameter for deriving the first key, since the value of the deduced COUNT will change each time, the derived first keys may be different. When one or more of the PDU session ID, NSSAI and DNN are used as the parameters for deriving the first key, due to the difference in the PDU session of the terminal device, the slice accessed and the data network, the derived first key can also be used. The keys are all different. Different first keys can generate different security keys, and different security keys can ensure that the generated security contexts are different. Different security contexts can be used to protect different communication services, which can ensure the effectiveness of security isolation of communication services, thereby improving the security of communication services.

As a possible implementation manner, the session acceptance message includes an indication of a second derivative parameter, where the indication of the second derivative parameter is used to instruct to obtain a security key according to the secondary authentication key.

In this embodiment of the present application, when the session management function network element receives the indication of the second derived parameter, the session management network element may generate the first key according to the secondary authentication key and the second derived parameter. The difference in the second derived parameter makes the generated security key different. The generated security context can be made different. Different security contexts can ensure the effectiveness of the security isolation of communication services, thereby improving the security of communication services.

A third aspect discloses a security context generation method. The security context generation method can be applied to a data transmission network element, and can also be applied to a module (for example, a chip) in the data transmission network element. The following takes the data transmission network element as an example to perform illustrate. The security context generation method may include: the data transmission network element receives an additional security context indication from the session management function network element; the data transmission network element obtains a second security context according to the additional security context indication, and the second security context is used to protect the second communication service; the data transmission network element sends an additional generation instruction to the terminal device, where the additional generation instruction is used to instruct the generation of the second security context.

In this embodiment of the present application, the data transmission network element may acquire the second security context, and the second security context may protect the second communication service, thereby improving the security of the second communication service.

As a possible implementation manner, the data transmission network element acquiring the second security context according to the additional security context indication includes: the data transmission network element acquiring the security context based on the first key according to the additional security context indication and/or the data transmission network element obtains a security algorithm according to the additional security context indication.

As a possible implementation manner, before the data transmission network element receives the additional security context indication from the session management function network element, the security context generation further includes: the data transmission network element obtains a first security context, and the first security context is obtained by the data transmission network element. A security context is used to protect the first communication service, the first communication service being different from the second communication service.

In this embodiment of the present application, the data transmission network element may further acquire the second security context on the basis of acquiring the first security context. The first security context and the second security context can respectively protect different communication services. Therefore, the protection of different services can be isolated, so as to prevent one communication service from being attacked, affecting the other communication service. Thereby, the security of the communication service can be improved.

As a possible implementation manner, the data transmission network element generating the security key based on the first key according to the additional security context indication includes: the data transmission network element, according to the additional security context indication, The first key is obtained based on the AS root key of the first security context; the data transmission network element generates the security key according to the first key.

In this embodiment of the present application, when the data transmission network element generates the security key, the first key may be generated by generating the AS root key of the first security context. Since the AS root key is known and does not need to be generated, the process of generating the second security context can be reduced, thereby improving the efficiency of generating the second security context.

As a possible implementation manner, the additionally generated indication includes an indication of a first derived parameter, and the data transmission network element obtains the The first key includes: the data transmission network element generates the first key according to the AS root key of the first security context and the first derivative parameter.

In this embodiment of the present application, since the first key is generated according to the first derivative parameter, and the first key generated is different depending on the first derivative parameter, it can be prevented that the generated second security context includes the security key and the The security keys included in the first security context are the same, which can ensure that the security contexts used by different communication services are different, thereby ensuring the effectiveness of security isolation and improving the security of communication services.

As a possible implementation manner, the first derivative parameter is a downlink PDCP COUNT, and the indication of the first derivative parameter is part of the bits of the downlink PDCP COUNT.

As a possible implementation manner, the additional security context indication includes the first key, and the data transmission network element obtains the security key based on the first key according to the additional security context indication, including: The data transmission network element generates the security key according to the first key.

In the embodiment of the present application, the data transmission network element may generate a security key according to the received first key, and the first key may be a key generated by the session management function network element according to the authentication key of the secondary authentication. Since the first keys generated by different authentication keys are different, the security keys included in the second security context generated by using the first keys are also different from the security keys included in the first security context, so that the generated security can be guaranteed. The context is different. Different security contexts are used to protect different communication services, which can ensure the effectiveness of security isolation of communication services, thereby improving the security of communication services.

As a possible implementation manner, generating, by the data transmission network element, the security key according to the first key includes: generating, by the data transmission network element, the security key according to the first key and a third derived parameter. the security key.

In this embodiment of the present application, the data transmission network element may generate the security key according to the first key and the third derived parameter. Because the third derivative parameters are different, the generated security keys are different, and different communication services are protected through different security contexts. The effectiveness of the security isolation of the communication service can be guaranteed, thereby improving the security of the communication service.

As a possible implementation manner, the additional security context indication includes an identifier of a security algorithm, and the data transmission network element generates the security key according to the first key and the third derived parameter, including: the data The transmission network element generates the security key according to the first key and the identity and type of the security algorithm.

In the embodiment of the present application, after the terminal device obtains the identifier of the security algorithm, it can directly determine the security algorithm according to the identifier, thereby ensuring the consistency of the security algorithm generated by the terminal device and the data transmission network element, and reducing the number of data transmission network elements to determine the security algorithm process, and can improve the generation efficiency of the security context. In addition, the data transmission network element can determine the security algorithm, and identify the security algorithm

As a possible implementation manner, the additional security context indication includes an identifier of the security algorithm.

In the embodiment of the present application, after the data transmission network element obtains the identifier of the security algorithm, the security algorithm can be directly determined according to the identifier, thereby ensuring the consistency of the security algorithm generated by the terminal device and the data transmission network element, and reducing the need for the data transmission network element to determine the security algorithm. The process of security algorithm, and the generation efficiency of security context can be improved.

As a possible implementation manner, the data transmission network element acquiring the security algorithm according to the additional security context indication includes: the data transmission network element, according to the additional security context indication, based on the security capability of the terminal device and the The security algorithm is obtained from a preconfigured algorithm priority list, and the security capability of the terminal device is used to indicate all security algorithms supported by the terminal device.

In this embodiment of the present application, the data transmission network element may acquire the security algorithm according to the security capability of the corresponding terminal device and the preconfigured algorithm priority list. The algorithm priority list is pre-configured by the data transmission network element, and the corresponding terminal device can pre-configure its own corresponding security algorithm. The data transmission network element can determine the security algorithms of all corresponding terminal devices through the algorithm priority list. When a terminal device suffers a security attack, the security algorithm of the corresponding terminal device may be leaked, but the security algorithms of all terminal devices will not be leaked, thereby improving the security of communication services of different terminal devices.

A fourth aspect discloses an apparatus for generating a security context. The apparatus for generating a security context may be a terminal device or a module (eg, a chip) in the terminal device, and the apparatus may include:

an acquiring unit, configured to acquire a first security context, where the first security context is used to protect the first communication service of the terminal device;

a sending unit, configured to send a session request message to the session management function network element, where the session request message is used to request the establishment of a session of a second communication service, where the second communication service is different from the first communication service;

a receiving unit, configured to receive a session acceptance message from the session management function network element, where the session acceptance message is used to complete the establishment of the session of the second communication service;

The obtaining unit is also used to obtain additional generation instructions;

The obtaining unit is further configured to obtain a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service.

As a possible implementation manner, the acquiring unit acquires a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service includes:

obtaining a security key based on the first key according to the additional generation indication; and/or

A security algorithm is obtained according to the additional generation indication.

As a possible implementation manner, the obtaining unit obtaining the security key based on the first key according to the additional generation instruction includes:

obtaining the first key based on the AS root key of the first security context according to the additional generation instruction;

The security key is generated from the first key.

As a possible implementation manner, the additional generation instruction includes an indication of a first derivative parameter, and the obtaining unit obtains the first secret key based on the AS root key of the first security context according to the additional generation instruction Keys include:

The first key is generated according to the AS root key of the first security context and the first derived parameter.

As a possible implementation manner, the device may further include:

an execution unit for performing secondary authentication;

a generating unit, configured to generate a secondary authentication key during the execution of the secondary authentication process;

The obtaining unit obtaining the security key based on the first key according to the additional generation instruction includes:

obtaining the first key based on the secondary authentication key according to the additional generation instruction;

A security key is generated from the first key.

As a possible implementation manner, the additional generation instruction includes an indication of a second derivative parameter, and according to the additional generation instruction, the obtaining unit, according to the additional generation instruction, obtains the first key based on the secondary authentication key, including:

The first key is generated based on the secondary authentication key and the second derivative parameter according to the indication of the second derivative parameter.

As a possible implementation manner, the obtaining unit generating the security key according to the first key includes:

The security key is generated based on the first key and the third derived parameter.

As a possible implementation manner, the additional generation instruction includes the identifier of the security algorithm, and the acquiring unit generating the security key according to the first key and the third derivative parameter includes:

The security key is generated based on the first key and the identity and type of the security algorithm.

A fifth aspect discloses an apparatus for generating a security context. The apparatus for generating a security context may be a session management function network element, or a module (eg, a chip) in the session management function network element, and the apparatus may include:

a receiving unit, configured to receive a session request message from the terminal device, where the session request message is used to request the establishment of a session of the second communication service;

a sending unit, configured to send an additional security context indication to a data transmission network element, where the additional security context indication is used to instruct to generate a second security context, and the second security context is used to protect the second communication service;

The sending unit is further configured to send a session acceptance message to the terminal device, where the session acceptance message is used to complete the establishment of the session of the second communication service.

As a possible implementation manner, the session request message includes first indication information, where the first indication information is used to instruct the terminal device to support generating the second security context, and the sending unit sends an additional information to the data transmission network element Security context indications include:

When the first indication information indicates that the terminal device supports generating the second security context, the additional security context indication is sent to the data transmission network element.

As a possible implementation manner, the sending unit sending the additional security context indication to the data transmission network element includes:

Acquire the subscription information of the terminal device according to the session request message;

When the subscription information of the terminal device indicates that the second security context needs to be generated, the additional security context indication is sent to the data transmission network element.

As a possible implementation manner, the sending unit to the data transmission network element to send the additional security context indication includes:

When the local policy configured by the session management function network element indicates that the second security context needs to be generated, the additional security context indication is sent to the data transmission network element.

As a possible implementation manner, the additional security context indication includes an identifier of a security algorithm, and the apparatus may further include an acquisition unit, wherein:

an obtaining unit, configured to obtain the security algorithm.

As a possible implementation manner, the additional security context indication includes a first key, and the apparatus may further include:

Trigger unit, used to trigger secondary authentication;

The receiving unit is further configured to receive the secondary authentication key from the authentication, authorization and accounting network element after the secondary authentication is successful;

The obtaining unit is further configured to obtain the first key according to the secondary authentication key.

As a possible implementation manner, the acquiring unit acquiring the first key according to the secondary authentication key includes:

The first key is obtained according to the secondary authentication key and the second derivative parameter.

A sixth aspect discloses an apparatus for generating a security context. The apparatus for generating a security context may be a data transmission network element, or may be a module (eg, a chip) in the data transmission network element, and the apparatus may include:

a receiving unit, configured to receive an additional security context indication from the session management function network element;

an acquiring unit, configured to acquire a second security context according to the additional security context indication, where the second security context is used to protect the second communication service;

A sending unit, configured to send an additional generation instruction to the terminal device, where the additional generation instruction is used to instruct to generate the second security context.

As a possible implementation manner, the obtaining unit is specifically used for:

obtaining a security key based on the first key according to the additional security context indication; and/or

A security algorithm is obtained according to the additional security context indication.

As a possible implementation manner, the acquiring unit is further configured to acquire a first security context before receiving the additional security context indication from the session management function network element, where the first security context is used to protect the first communication service, The first communication service is different from the second communication service.

As a possible implementation manner, the obtaining unit, according to the additional security context indication, generating the security key based on the first key includes:

obtaining the first key based on the AS root key of the first security context according to the additional security context indication;

The security key is generated from the first key.

As a possible implementation manner, the additionally generated indication includes an indication of a first derived parameter, and the obtaining unit obtains the first derived parameter based on the AS root key of the first security context according to the additional security context indication Keys include:

As a possible implementation manner, the additional security context indication includes the first key, and according to the additional security context indication, the obtaining unit, according to the additional security context indication, obtains the security key based on the first key including:

The security key is generated from the first key.

As a possible implementation manner, the additional security context indication includes an identifier of a security algorithm, and the acquiring unit generating the security key according to the first key and the third derived parameter includes:

As a possible implementation manner, the obtaining unit obtaining the security algorithm according to the additional security context indication includes:

According to the additional security context indication, the security algorithm is acquired based on the security capability of the terminal device and a preconfigured algorithm priority list, where the security capability of the terminal device is used to indicate all security algorithms supported by the terminal device.

A seventh aspect discloses an apparatus for generating a security context, where the apparatus for generating a security context may be a terminal device or a module (eg, a chip) in the terminal device. The security context generating apparatus may include: a processor, a memory, an input interface for receiving information from other apparatuses other than the apparatus, and an output interface for sending information to outside the apparatus The other means of outputting information, when the processor executes the computer program stored in the memory, causes the processor to execute the security context generation method disclosed in the first aspect or any embodiment of the first aspect.

An eighth aspect discloses a security context generating apparatus, where the security context generating apparatus may be a session management function network element or a module (eg, a chip) in the session management function network element. The security context generating apparatus may include: a processor, a memory, an input interface for receiving information from other apparatuses other than the apparatus, and an output interface for sending information to outside the apparatus The other means of outputting information, when the processor executes the computer program stored in the memory, causes the processor to execute the security context generation method disclosed in the second aspect or any embodiment of the second aspect.

A ninth aspect discloses an apparatus for generating a security context, and the apparatus for generating a security context may be a data transmission network element or a module (eg, a chip) in the data transmission network element. The security context generating apparatus may include: a processor, a memory, an input interface for receiving information from other apparatuses other than the apparatus, and an output interface for sending information to outside the apparatus The other means of outputting information, when the processor executes the computer program stored in the memory, causes the processor to execute the security context generation method disclosed in the third aspect or any embodiment of the third aspect.

A tenth aspect discloses a communication system, which includes the security context generating apparatus of the seventh aspect, the security context generating apparatus of the eighth aspect, and the security context generating apparatus of the ninth aspect.

An eleventh aspect discloses a computer-readable storage medium, where a computer program or computer instruction is stored thereon, and when the computer program or computer instruction is executed, the security context generation method disclosed in the above aspects is implemented.

A twelfth aspect discloses a chip including a processor for executing a program stored in a memory, and when the program is executed, the chip executes the above method.

As a possible implementation, the memory is located off-chip.

A thirteenth aspect discloses a computer program product, the computer program product comprising computer program code which, when executed, causes the above-mentioned method to be performed.

Description of drawings

1 is a schematic diagram of a network architecture disclosed in an embodiment of the present application;

FIG. 2 is a schematic flowchart of a security context generation disclosed in an embodiment of the present application;

3 is a schematic flowchart of another security context generation disclosed in an embodiment of the present application;

4 is a schematic flowchart of yet another security context generation disclosed in an embodiment of the present application;

5 is a schematic flowchart of yet another security context generation disclosed in an embodiment of the present application;

FIG. 6 is a schematic flowchart of yet another security context generation disclosed in an embodiment of the present application;

FIG. 7 is a schematic structural diagram of a communication device disclosed in an embodiment of the present application;

8 is a schematic structural diagram of another communication device disclosed in an embodiment of the present invention;

9 is a schematic structural diagram of another communication device disclosed in an embodiment of the present invention;

10 is a schematic structural diagram of another communication device disclosed in an embodiment of the present invention;

FIG. 11 is a schematic structural diagram of another communication apparatus disclosed in an embodiment of the present invention.

Detailed ways

The embodiments of the present application disclose a method, device and computer-readable storage medium for generating a security context, which are used to improve the security of communication services. Each of them will be described in detail below.

In order to better understand a security context generation method, apparatus, and computer-readable storage medium disclosed in the embodiments of the present invention, the network architecture used in the embodiments of the present invention is first described below. Please refer to FIG. 1. FIG. 1 is a schematic diagram of a network architecture disclosed in an embodiment of the present invention. As shown in FIG. 1 , the network architecture may include user equipment (UE), (radio access network, (R)AN) equipment, and user plane function (UPF) network elements , data network (DN), session management function (session management function, SMF) network element, access and mobility management function (access and mobility management function, AMF) network element, unified data management (unified data management, UDM) network element ) network element, authentication server function (AUSF) network element, network slice selection function (NSSF) network element, policy control function (PCF) network element, application function (application function) , AF) network element, network slice selection assistance information (NSSAI) network element, network data analysis function (NWDAF) network element, network exposure function (network exposure function, NEF) network element and Network Repository Function (NRF) network elements.

UE, also known as terminal equipment, mobile station (mobile station, MS), mobile terminal (mobile terminal, MT), etc., is a device that provides voice and/or data connectivity to users. The terminal device can be a handheld terminal, a notebook computer, a subscriber unit, a cellular phone, a smart phone, a wireless data card, a personal digital assistant (PDA) computer, a tablet computer , wireless modem (modem), handheld device (handheld), laptop computer (laptop computer), cordless phone (cordless phone) or wireless local loop (wireless local loop, WLL) station, machine type communication (machine type communication, MTC) terminals, wearable devices (such as smart watches, smart bracelets, pedometers, etc.), in-vehicle devices (such as cars, bicycles, electric vehicles, airplanes, ships, trains, high-speed rail, etc.), virtual reality (virtual reality, VR) equipment, augmented reality (AR) equipment, wireless terminals in industrial control (industrial control), smart home equipment (for example, refrigerators, TVs, air conditioners, electricity meters, etc.), intelligent robots, workshop equipment, unmanned driving Wireless terminals in (self driving), wireless terminals in remote medical surgery, wireless terminals in smart grid, wireless terminals in transportation safety, in smart city wireless terminals, or wireless terminals in smart homes, flying devices (eg, smart robots, hot air balloons, drones, airplanes), or other devices that can access the network. The terminal device in FIG. 1 is shown as a UE, which is only an example and does not limit the terminal device. The UE can access the DN by establishing a session between the UE-(R)AN device-UPF-DN, that is, a protocol data unit (PDU) session.

The (R)AN device is a device that provides wireless access for the UE, and is mainly responsible for functions such as radio resource management, quality of service (QoS) flow management, data compression, and encryption on the air interface side. The (R)AN can communicate directly with the UE through the AS. (R)AN devices may include various forms of base stations, such as: macro base stations, micro base stations (also called small stations), relay stations, access points, and the like. The (R)AN device may also include a wireless fidelity (WiFi) access point (AP). The (R)AN device may also include a worldwide interoperability for microwave access (WiMax) base station (BS). (R)AN can be a network-side device in a 5G network or a network after 5G or a network device in a PLMN network, such as a next-generation base station (generation NodeB, gNB), or a next-generation evolved base station (next generation- evolved NodeB, ng-eNB), and may also be a long-term evolved base station (evloved NodeB, eNB).

AMF network elements can access UE's non-access stratum (NAS) signaling (including mobility management (MM) signaling and session management (session management, SM) signaling) and N2 through the N1 interface The interface accesses the signaling of the RAN to complete the forwarding of the UE's SM signaling and mobility management.

The SMF network element is mainly responsible for session management in the mobile network, such as session establishment, modification, release, update and other procedures. Specific functions include assigning IP addresses to users and selecting UPF network elements that provide packet forwarding functions. The messages between the SMF and the UE can be encapsulated in the session management (session management, SM) container (contianer) of the NAS message, and the AMF can extract the SM contianer content from the NAS message, and then send it to the SMF.

The PCF network element can be responsible for terminal device policy management, including mobility-related policies and PDU session-related policies, such as QoS policies, charging policies, and the like. PCF can manage the user's session policy.

The AF network element mainly supports interaction with the 3rd generation partnership project (3GPP) core network to provide services to affect service flow routing, access network capability opening, and policy control.

The UDM network element is responsible for user key management, user identification processing, access authorization for subscription data, UE network function entity management, session and service continuity management, short message push, legal interception, subscription management, short message management, and management and control. Management of user data, such as subscription information.

The UPF network element is mainly responsible for processing user packets, such as forwarding and charging. The user packet can be received from the DN and transmitted to the UE through the RAN device; the user packet can also be received from the UE through the RAN device and forwarded to the DN. The transmission resources and scheduling functions provided by the UPF network element to serve the UE are managed and controlled by the SMF network element.

The DN may be the Internet, an IP multi-media service (IMS) network, a regional network, i.e. a local network, such as a multi access edge computing (MEC) network, etc. The DN is the destination of the UE's PDU session access. An application server is included or deployed in the DN, and the application server can perform data transmission with the UE and provide business services for the UE.

The AUSF network element may be responsible for authenticating and authorizing the access of the UE.

The data transmission network element is mainly responsible for processing user packets, which can be a RAN device or a UPF network element.

Each of the above network elements in the core network may also be referred to as functional entities, that is, network elements implemented on dedicated hardware, software instances running on dedicated hardware, or instances of virtualized functions on an appropriate platform For example, the above-mentioned virtualization platform may be a cloud platform.

It should be noted that the system architecture shown in FIG. 1 is not limited to including only the network elements shown in the figure, but may also include other devices or network elements that are not shown in the figure. enumerate.

It should be noted that the embodiments of the present application do not limit the distribution form of each network element in the core network, and the distribution form shown in FIG. 1 is only exemplary and is not limited in the present application.

It should be understood that the names of all network elements in this application are only examples, and in future communications, such as 6G, they may also be called other names, or in future communications, such as 6G, the network elements involved in this application can also be referred to by It can be replaced by other entities or devices with the same function, which are not limited in this application. A unified description is made here, and will not be repeated in the future.

It should be noted that the 5G network architecture shown in FIG. 1 does not constitute a limitation on the 5G network. Optionally, the methods in the embodiments of the present application are also applicable to various future communication systems, such as 6G or other communication networks.

In addition, the above-mentioned network structure may further include an authentication authorization and accounting (authentication authorization and accounting, AAA) network element, and the AAA network element can complete the authentication of the access terminal device.

In order to better understand the embodiments of the present application, the following first describes application scenarios of the embodiments of the present application.

In the PNI-NPN scenario, there can be three roles, namely terminal equipment (for example, company computers used by Volkswagen employees, etc.), PLMN (for example, China Mobile, etc.), NPN (for example, Volkswagen car companies, etc.). Terminal equipment can simultaneously perform public network services and private network services through PLMN. For example, terminal devices can use instant messaging applications and emails at the same time. Taking into account the security issues of the 5G network, the terminal device can perform security protection with the access network. That is, a set of security contexts can be used for communication protection between the UE and the (R)AN device, so that the security of the user plane data flow between the user and the network can be guaranteed.

In order to facilitate the understanding of the present application, the related technical knowledge involved in the embodiments of the present application is first introduced here.

The security context is a context in which security protection of communication content can be performed, and the security protection may include confidentiality protection and/or integrity protection. A context contains at least a security key and a security algorithm. Optionally, the context may also include security policies, security activation instructions, freshness parameters, and the like. When the communication content is a communication service, the security key used for confidentiality protection can be Kup-enc, and the security algorithm used for confidentiality protection can be 5G encryption algorithm (encryption algorithm for 5G, NEA) or EPS encryption algorithm (evolved packet system encryption algorithm, EEA), the security key used for integrity protection can be Kup-int, and the security algorithm used for integrity protection can be 5G integrity algorithm (intergrity algorithm for 5G, NIA) or EPS integrity algorithm (evolved packet system integrity algorithm, EIA). The communication party can configure the security key and security algorithm to the PDCP layer, the sender can use the security key and security algorithm to encrypt and/or integrity protect the sent communication content, and the receiver can use the same security key and security algorithm. Algorithms decrypt and/or integrity check received communications.

The communication service is the user plane traffic that the terminal device communicates with the service provided by the server through the mobile network. It can include public network services and/or private network services. The service provided by the public network service representative server can be publicly accessed, for example, the application provided by the service provider. The services provided by the private network agent server are restricted access, for example, the private operation application of the enterprise. The terminal equipment may need to establish different sessions with the mobile network for different services.

The encryption key kup-enc and the encryption algorithm can be used between the UE and the (R)AN device to encrypt and protect the user plane traffic, and the integrity protection key kup-int and the integrity protection algorithm can be used to protect the integrity of the user plane traffic. Protect. The security key may include an encryption key and an integrity protection key, and the security algorithm may include an encryption algorithm and an integrity protection algorithm. The security context may include security keys and/or security algorithms. User plane traffic can be sent through different data radio bearers (DRBs), and different DRBs may enable or disable encryption protection or integrity protection. When DRBs enable protection, the keys and algorithms used by all DRBs that enable protection are the same, that is, all terminal devices and access network devices can use the same set of security contexts for communication protection. At this time, when the attacker obtains the security key used by the public network service, he also obtains the security key of the private network service, thereby obtaining the service traffic of the private network, and vice versa. For example, an attacker can obtain the security key used by the public network service by deciphering the security algorithm used by the public network service, so as to obtain the security context of the public network service. When an attacker obtains the security context of the public network, he can also obtain the security context of the private network, and then obtain the service traffic of the private network through the security context of the private network. The above protection methods do not realize the security isolation of public network service protection and private network service protection. Therefore, how to realize the security isolation of public network services and private network services in PNI-NPN is a technical problem that needs to be solved urgently.

Based on the above network architecture, please refer to FIG. 2 , which is a schematic flowchart of a method for generating a security context disclosed in an embodiment of the present invention. As shown in FIG. 2, the security context generation method may include the following steps.

201. A terminal device acquires a first security context.

When the terminal device needs to protect the data, the terminal device can generate the first security context, so that the first security context can be used to perform security protection on the data. The first security context may include a first security key, and/or a first security algorithm. The first security key may include a first encryption key, and/or a first integrity protection key. The first security algorithm may include a first encryption algorithm, and/or a first integrity protection algorithm. The first security context may protect the first communication service of the terminal device. The first communication service may be a public network service or a private network service. It should be understood that the above data may be user plane data.

Wherein, after the terminal device registers with the PLMN and requests to establish a session of the first communication service, the terminal device and the access network device can obtain the first security context for protecting the first communication service, and can use the first security context to protect the first security context. communication business. For the process of obtaining the first security context by the terminal device, reference may be made to the relevant description of 3GPP TS 33.501.

202. The terminal device sends a session request message to the session management function network element.

The terminal device may send a session request message to the session management function network element, and correspondingly, the session management function network element may receive the session request message from the terminal device. Specifically, the terminal device may first send a NAS message to the access and mobility management network element, and the NAS message may include an SM message. After receiving the NAS message from the terminal device, the access and mobility management function network element can first extract the SM message from the NAS message, and then can send the SM message to the session management function network element. The session request message may be an SM message. The SM message may be a PDU Session Proposal Request message or a PDU Session Modification Request message. The session request message may be used to request the establishment of a session for the second communication service. The NAS message may include DNN and/or NSSAI, and the access and mobility management network element may extract the DNN and/or NSSAI from the NAS message and send it to the session management function network element. In addition, when the data transmission network element is a user plane function network element, the session request message may include the identification of the terminal device, and the identification of the terminal device may be used to determine the user plane function network element. It should be understood that the session request message refers to a session for completing a request to establish a second communication service, and the name of this message is not limited.

The session request message may include first indication information, and the first indication information may indicate that the terminal device supports generating the second security context. That is, it can be understood that the first indication information can indicate that the terminal device supports the generation of the second security context, the first indication information can also be used to request the generation of the second security context, and the first indication information can also be used to indicate that the session needs to implement security. isolation. The second security context may include a second security algorithm, and/or a second security key. The second security algorithm may include a second encryption algorithm, and/or a second integrity protection algorithm. The second security key may include a second encryption key, and/or a second integrity protection key.

The first communication service and the second communication service are different communication services. The second communication service may be a public network service or a private network service. When the first communication service is a public network service, the second communication service may be a private network service; when the first communication service is a private network service, the second communication service may be a public network service.

The first security context and the second security context are different security contexts. It can be understood that the second security key is different from the first security key, but the second security algorithm is the same as the first security algorithm; it can also be understood as the second security key. The security algorithm is different from the first security algorithm, but the second security key is the same as the first security key; it can also be understood that the second security key is different from the first security key, and the second security algorithm is different from the first security algorithm. different. The second security context may protect the second communication service, and the first security context and the second security context may respectively protect different communication services.

203. The session management function network element sends an additional security context indication to the data transmission network element.

After the session management function network element receives the session request message from the terminal device, it can first determine whether the second security context needs to be generated for the terminal device. When it is determined that the terminal device needs to generate the second security context, it can send the message to the data transmission network element Additional security context indication, correspondingly, the data transmission network element may receive the additional security context indication from the session management function network element. When it is determined that the terminal device does not need to generate the second security context, steps 203 to 207 may not be performed.

In a possible implementation manner, after the session management function network element receives the session request message from the terminal device, it can judge whether the terminal device supports the generation of the second security context according to the first indication information. In one way, when the first indication information is an explicit indication, the session management function network element can judge whether the session request message includes the first indication information, and when it is judged that the session request message includes the first indication information, it indicates that the terminal device supports the Generation of a second security context. When it is determined that the session request message does not include the first indication information, it indicates that the terminal device does not support the generation of the second security context. In another manner, the first indication information is an implicit indication. For example, the session request message may include 1 bit. If this bit is a specific value, such as 0 or 1, it indicates that the terminal device supports the generation of the second security context. If this bit is not the above-mentioned specific value or does not include the above-mentioned specific value In this case, it indicates that the session request message terminal device does not support the generation of the second security context.

In another possible implementation manner, after receiving the session request message from the terminal device, the session management function network element can obtain the subscription information of the terminal device, and then can determine whether the terminal device needs to generate the second security context according to the subscription information. When the subscription information includes the second indication information, it indicates that the terminal device needs to generate the second security context. Otherwise, it indicates that the terminal device does not need to generate the second security context. The second indication information may indicate that the terminal device supports the generation of the second security context, that is, indicates that the terminal device supports the generation of the second security context, or the second indication information is used to request the generation of the second security context, or the second indication information is used to generate the second security context. Indicates that this session requires security isolation. The network element of the session management function can obtain the subscription information of the terminal device from the UDM network element or the PCF network element.

In another possible implementation, the session management function network element may be pre-configured or configured with a local policy by default. Therefore, after receiving the session request message from the terminal device, it can determine whether the terminal device is based on the relevant information of the session and the local policy. A second security context needs to be generated. For example, if the local policy is to use different security contexts for protection for a specific session, after the session management function network element receives the DNN and/or NSSAI from the terminal device, it can determine the corresponding service of the DNN and/or NSSAI according to the local policy Whether it is necessary to use different security contexts for protection, when judging that it is necessary, the network element of the session management function determines that a second security context needs to be generated for the UE.

It should be understood that the session management function network element may determine whether the second security context needs to be generated through one or more of the above-mentioned manners. That is, whether the terminal device supports the generation of the second security context can be determined through the first indication information, and when it is determined through the first indication information that the terminal device supports the generation of the second security context, it is determined that the second security context needs to be generated; or the subscription information can be used to determine whether the terminal device supports the generation of the second security context. It is determined whether the second security context needs to be generated; it can also be determined through the local policy whether the second security context needs to be generated. It can also be determined whether the second security context needs to be generated through the first indication information and the subscription information. When the first indication information determines that the terminal device supports the generation of the second security context, and it is determined through the subscription information that the second security context needs to be generated, it is determined that the second security context needs to be generated. The second security context is generated; it can also be determined whether the second security context needs to be generated through the first indication information and the local policy. When the first indication information determines that the terminal device supports the generation of the second security context, and the local policy determines that the second security context needs to be generated When generating a security context, it is determined that a second security context needs to be generated.

The additional security context indication may be used to instruct the generation of the second security context. Additional security context indications may be indicated explicitly. For example, the additional security context indication may include 1 bit, when the value of this bit is 1, it may indicate that the second security context is generated, and when the value of this bit is 0, it may indicate that the second security context is not generated. Additional security context indications may also be indicated implicitly. For example, the additional security context indication may be an information element required to generate the second security context, such as a key, algorithm, flag bit, indicator, index, transmission resource, etc., to send the additional security context indication to the data transmission network element. For example, when the data transmission network element receives the key, it indicates that the session management function network element instructs the data transmission network element to generate the second security context.

Optionally, after the session management function network element determines that the second security context needs to be generated for the terminal device, the security algorithm may be determined.

A possible implementation manner, the session management function network element can pre-configure the mapping relationship between the DNN and the security algorithm, when it is determined that the terminal device needs to generate the second security context, it can be directly searched according to the DNN reported by the terminal device and the above-mentioned mapping relationship. to the security algorithm it uses.

In another possible implementation manner, the session management function network element may pre-configure the mapping relationship between the DNN and the algorithm priority list, and when it is determined that the terminal device needs to generate the second security context, the DNN and the above mapping reported by the terminal device may be used. The relationship finds the algorithm priority list, and then obtains the security algorithm used by the terminal device according to the security capability and the algorithm priority list. Among them, the algorithm priority list is an algorithm list reflecting the use priority, which can be expressed as priority 1: algorithm B, priority 2: algorithm A, priority 3: algorithm C, the smaller the priority number, the higher the priority. high. The security capability of the terminal device is reported by the terminal device, which can indicate the algorithms that the terminal device can support. For example: Algorithm A, Algorithm B, Algorithm C, since the terminal device supports the three algorithms A, B, and C at the same time, but because Algorithm B has the highest priority, Algorithm B is finally obtained as the security algorithm.

After the session management function network element determines the security algorithm, the additional security context indication may include the identification of the security algorithm.

Optionally, after the session management function network element determines that the second security context needs to be generated for the terminal device, the first key may be determined.

The first key may also be obtained from a secondary authentication key, wherein the session management function network element receives the secondary authentication key from the authentication authorization and accounting network element.

The session management function network element may generate the first key according to the secondary authentication key and the second derived parameter. The session management function network element can trigger the secondary authentication of the terminal device. For example, when the session management function network element confirms that the second security context needs to be generated, the session management function network element can trigger the execution of secondary authentication between the terminal device and the authentication authorization and charging network element according to the subscription information of the DNN and the terminal device. After the secondary authentication of the terminal device is successful, the authentication, authorization and accounting network element may send the secondary authentication key to the session management function network element. The session management function network element can receive the secondary authentication key from the authentication, authorization and accounting network element. The second derived parameter may be a freshness parameter, and the second derived parameter may include one or more of the uplink or downlink NAS COUNT, NSSAI, DNN, and PDU session ID. The NAS COUNT can be stored in the non-access stratum context of the terminal device, and the NAS COUNT is updated every time the key is derived, which can prevent the first key generated two consecutive times from being the same. For example, if the value of NAS COUNT is a, after derivation using NAS COUNT once, the NAS COUNT can be updated to a+b. Therefore, the updated value of NAS COUNT can be used for the second derivation. b may be 1 or 2, and may also be other values, which are not limited here. The value of b can be the same for each update, that is, the value of NAS COUNT is incremented or decremented according to the step size of b, or it can be different. The session management function network element can obtain the NSSAI, DNN and PDU session ID from the terminal device through the session request message. Since the slices (NSSAI identifiers), data networks (DNN identifiers) and PDU sessions (PDU session ID identifiers) accessed by different terminal devices or session management network elements are different, the generated first keys may be different.

After the session management function network element determines the first key, the additional security context indication may include the first key.

It should be understood that when the manner of generating the second security context is different, the information required for generating the second security context is different. Therefore, the additional security context indication may contain different information according to different ways of generating the second security context. For example, the additional security context indication may be an explicit indication, an identification of a security algorithm, or a first key, and the additional security context indication may also include an explicit indication and an identification of the security algorithm, and may also include the first encryption key. key and the identity of the security algorithm.

The session management function network element may send additional security context indications to the data transmission network element through different messages, signaling, etc. For example, when the data transmission network element is an access network device, the session management function network element can encapsulate the additional security context indication in an N2SM information (Information) container and send it to the data transmission network element; when the data transmission network element is a user In the case of the plane function network element, the session management function network element may encapsulate the additional security context indication in an N4 session (Session) establishment (Establishment) request (Request) message and send it to the data transmission network element.

204. The data transmission network element acquires the second security context according to the additional security context indication.

After receiving the additional security context indication from the session management function network element, the data transmission network element may acquire the second security context according to the additional security context indication.

The data transmission network element can obtain the security algorithm according to the additional security context indication.

In a possible implementation manner, the algorithm priority list may be preconfigured in the data transmission network element. The algorithm priority list may include the security capability of the terminal device and the priority information of the security algorithm. The data transmission network element can determine the security algorithm according to the algorithm priority list. The data transmission network element may acquire the security capability of the above-mentioned terminal device from the stored context of the terminal device. When the data transmission network element has the first security context, since the data transmission network element needs to generate the first security algorithm and the second security algorithm of the same terminal device, in order to ensure that the first security algorithm and the second security algorithm are different, the first security algorithm The algorithm priority list corresponding to the second security algorithm needs to be different. For the same terminal device, the data transmission network elements use the same algorithm priority list, which is likely to cause the finalized first security algorithm and the second security algorithm to be the same, thus failing to achieve the purpose of security isolation. It should be understood that the security algorithm obtained according to the additional security context indication is the second security algorithm.

In another possible implementation manner, when the additional security context indicates an identifier including a security algorithm, the data transmission network element may determine the security algorithm corresponding to the identifier as the security algorithm.

In another possible implementation manner, when the data transmission network element has the first security context, the data transmission network element may obtain the security algorithm from the first security algorithm of the first security context according to the indication of the additional security context.

The data transmission network element may obtain the security key based on the first key according to the additional security context indication. It can be understood that the additional security context indication can trigger the data transmission network element to acquire the security key based on the first key. It can also be understood that the data transmission network element may respond to the additional security context indication and obtain the security key based on the first key.

In one case, the data transmission network element may first determine the first key, and then may obtain the security key based on the first key.

When the data transmission network element has the first security context, the data transmission device may obtain the first key based on the AS root key of the first security context according to the indication of the additional security context, that is, determine according to the AS root key of the first security context (or generate) the first key. The AS root key may be the key K _gNB , K _eNB , or the next hop (next hop, NH).

In one way, the data transmission network element may use the AS root key of the first security context as the first key.

In another manner, the data transmission network element may generate the first key according to the AS root key of the first security context and the first derived parameter. The first derived parameter may be the PDCP COUNT, and the first derived parameter may be stored in the access stratum context of the terminal device. Each time the data transmission network element uses the PDCP COUNT, the value of the PDCP COUNT needs to be updated, that is, the value of the PDCP COUNT is updated every time the key is derived, which can prevent two consecutively generated keys from being the same. For example, assuming that the value of PDCP COUNT is a, after using PDCP COUNT to derive once, the value of PDCP COUNT can be updated to a+b. Therefore, the updated value of PDCP COUNT can be used for the next derivation. b may be 1 or 2, and may also be other values, which are not limited here. The value of b can be the same for each update, that is, the value of PDCP COUNT is incremented or decremented according to the step size of b, or it can be different. It should be understood that the first derived parameter may be a freshness parameter. By updating the value of PDCP COUNT, the security key generated each time can be different, thereby improving the security of the key and achieving the effect of security isolation.

When the data transmission network element is configured with the corresponding relationship between the identifier of the terminal device and the Kn root key, and the additional security context indication can carry the identifier of the terminal device, the data transmission network element can obtain the first key according to the identifier of the terminal device. key, that is, the first key is determined (or generated) according to Kn. The Kn root key should be different for each terminal device, and may be pre-configured on the data transmission network element. The data transmission network element may determine the Kn root key according to the identification of the terminal device and the corresponding relationship between the terminal device and the Kn root key.

In one way, the data transmission network element may use the Kn root key as the first key.

In another manner, after the data transmission network element determines the Kn root key, the first key may be generated according to the Kn root key and the first derived parameter. For a detailed description of the generation of the first key, reference may be made to the above-mentioned description of the generation of the first key by the data transmission network element according to the AS root key and the first derived parameter, which will not be repeated here.

In another case, the additional security context indication may include the first key. The data transmission network element may first extract the first key from the additional security context indication, and then may generate the security key according to the first key.

After the data transmission network element determines the first key, the security key may be further generated according to the first key.

Optionally, the data transmission network element may generate the security key according to the first key and the third derived parameter.

The third derived parameter may contain the identity and type of the security algorithm. At this time, the data transmission network element may determine the identity and type of the security algorithm according to the acquired security algorithm.

Optionally, the data transmission network element may acquire the security algorithm according to the additional security context indication, and determine the identity and type of the security algorithm according to the acquired security algorithm.

Optionally, when the data transmission network element has the first security context, the data transmission network element may obtain the security algorithm according to the first security algorithm of the first security context, and determine the identity and type of the security algorithm according to the obtained security algorithm.

The identifier of the security algorithm may be used to identify the acquired security algorithm. For example, the encryption algorithm may be EIA1, NEA1, etc., and the integrity algorithm may be EIA1, NIA1, and so on.

The type of the security algorithm can be set to different values according to the current algorithm used in different scenarios. For example, when the security algorithm is used for user plane confidentiality protection, the type of the security algorithm can be set to N-UP-ENC-ALG corresponding to The value of 0x05, when the security algorithm is used for user plane integrity protection, the type of security algorithm can be set to the value 0x06 corresponding to N-UP-INT-ALG. Therefore, the type of the security algorithm can be either 0x05 or 0x06. In addition, the type of the security algorithm may also be a value different from the existing 0x01-0x06, which is used to indicate that the security algorithm is used for the user plane confidentiality protection of the second communication service or the user plane integrity protection of the second communication service. For example, when the current algorithm is used for user plane confidentiality protection of the second communication service, the security algorithm type may be 0x07, and when the current algorithm is used for user plane integrity protection of the second communication service, the security algorithm type may be 0x08. The data transmission network element may generate the security key according to the first key and the identifier and type of the security algorithm. For the specific method of generating the first key, reference may be made to the above-mentioned related descriptions, which will not be repeated here.

Optionally, the data transmission network element may also generate the security key according to the first key and the special character string. Special strings can be preconfigured specific strings such as "NPN", "Secondary", etc.

Introducing a special string that can be differentiated from the existing 0x01-0x06 security algorithm type as a derivative parameter of the key to generate the second encryption key and the second integrity protection key, which can make the obtained security algorithm and the first security If the algorithm is the same and the obtained first key is the same as the AS root key of the first security context, it can still be guaranteed that the obtained security key is different from the first security key. It can be understood that the first encryption key is different from the second encryption key, it can also be understood that the first integrity protection key is different from the second integrity protection key, and it can also be understood that the first encryption key is different from the second integrity protection key. The second encryption key is different, and the first integrity protection key is different from the second integrity protection key. Therefore, it can be avoided that the first security context and the second security context are the same, the effectiveness of the security isolation can be ensured, and the security of the communication service can be guaranteed.

It should be understood that the method for determining the security algorithm and the method for generating the security key may be related to each other, or may be independent.

205. The data transmission network element sends an additional generation instruction to the terminal device.

An additional generation indication may be used to indicate the generation of the second security context. Additional generation indications may be indicated explicitly. For example, the additional generation indication may include 1 bit, when the value of this bit is 1, it may indicate that the second security context is generated, and when the value of this bit is 0, it may indicate that the second security context is not generated. Additional build indications may also be indicated implicitly. For example, the additional generation indication may be an information element required to generate the second security context, such as an algorithm, a flag bit, an indicator, an index, a transmission resource, etc., to send the additional generation indication to the terminal device. For example, when the terminal device receives the indicator, it indicates that the data transmission network element instructs the terminal device to generate the second security context.

After the data transmission network element determines the security key, the additional generation instruction may also be used to instruct the terminal device to obtain the security key. At this point, the additional generation indication may include an indication of the first derived parameter. The indication of the first derived parameter may be the first derived parameter itself, or may be a value used to indicate the first derived parameter. For example, if the second derived parameter contains the PDCP COUNT, the indication of the first derived parameter may contain part of the bits of the PDCP COUNT.

After the data transmission network element determines the security algorithm, the additionally generated instruction may also be used to instruct the terminal device to acquire the security algorithm. At this point, the additional generation indication may include the identification of the security algorithm

It should be understood that the method for determining the second security context is not unique, and the additional security context indications received and the additional generation instructions sent by the data transmission network elements corresponding to different determination methods may be different. Therefore, the additional generation instructions may be generated according to the second security context generation method. different, contain different information. For example, the additional generated indication may be an explicit indication, an indication of the first derivative parameter, or an identification of a security algorithm, and the additional security context indication may also include an explicit indication and an identification of the security algorithm, and may also include the first The indication of the derived parameter and the identification of the security algorithm may also include an explicit indication, the indication of the first derived parameter and the identification of the security algorithm. It should be understood that when the data transmission network element uses the first derivative parameter and/or the third derivative parameter to generate the second security context, the additionally generated indication corresponds to the indication of the packet or the first derivative parameter and/or the identifier of the security algorithm.

The data transmission network element may directly send the additional generation indication to the terminal device, which may be sent through an RRC message. Optionally, the RRC message may be an RRC reconfiguration message.

The data transmission network element can indirectly send an additional generation instruction to the terminal device through the session management function network element. At this time, the additional generation instruction can be encapsulated in the N4Session Establishment Response message and sent to the session management function network element, and the session management function network element will The additional generation indication is encapsulated in the session accept message and sent to the terminal device.

It should be understood that step 205 is an optional step.

206. The session management function network element sends a session acceptance message to the terminal device.

After receiving the session request message from the terminal device, the session management function network element can establish a session for transmitting the second communication service according to the session request message, and after establishing the session, can send a session accept message to the terminal device. Correspondingly, the terminal device can receive the session acceptance message of the session management function network element. The session accept message may indicate completion of the establishment of the session for the second communication service. The session accept message may be a PDU session suggestion request message or a PDU session modification request message.

Optionally, the session accept message may include an additional generation instruction, where the additional generation instruction is used to instruct the terminal device to generate the second security context.

After the session management function network element determines the security algorithm, the additionally generated instruction may also be used to instruct the terminal device to acquire the security algorithm. At this point, the additional generation indication may include the identification of the security algorithm. It should be understood that the identity of the security algorithm may be carried by one of the session acceptance message and the additional generation instruction sent by the data transmission network element to the terminal device, or may not be carried at all. There is no limitation on which specific information the identifier of the security algorithm is included in.

After the session management function network element determines the first key, the additional generation instruction may also be used to instruct the terminal device to obtain the first key. At this point, the additional generation indication may include an indication of the second derived parameter. The indication of the second derived parameter may be the second derived parameter itself, or may be a value used to indicate the second derived parameter. For example, if the second derivative parameter includes NAS COUNT, the indication of the second derivative parameter may include some bits of the NAS COUNT, and if the second derivative parameter includes NSSAI, DNN and PDU session ID, the indication of the second derivative parameter may include NSSAI, DNN and PDU session ID itself, or since the terminal device knows NSSAI, DNN and PDU session ID, the indication of the second derived parameter may contain a specific value, when the value is 1, it is used to instruct the terminal device to obtain NSSAI, DNN and PDU session ID.

When the session management function network element receives the additional generation instruction from the data transmission network element, the additional generation instruction may be forwarded to the terminal device. The session management function network element may encapsulate the additional generation indication in a session accept message and send it to the terminal device.

It should be understood that step 205 and step 206 may be executed in series or in parallel, and the execution order is not limited.

207. The terminal device obtains an additional generation instruction.

The terminal device may acquire the additional generation instruction, which may be understood as the terminal device may receive the additional generation instruction from the data transmission network element and/or the session management network element.

The terminal device may receive additional generation indications from the data transmission network element.

In one case, the terminal device can directly receive the additional generation instruction from the data transmission network element, that is, the terminal device can receive the additional generation instruction from the data transmission device.

In another case, the terminal device may indirectly receive the additional generation instruction from the data transmission network element, that is, the data transmission network element may forward the additional generation instruction to the terminal device through the session management function network element. The specific description can refer to the description of the additional security indication sent by the data transmission network element to the terminal device through the session function management network element in step 205, and will not be repeated here.

The terminal device may receive additional generation instructions from the session management function network element, that is, the terminal device may receive additional generation instructions from the session management function.

The additional generation indications may include one or more of the following: an indication of the first derived parameter, an indication of the second derived parameter, and an identification of the security algorithm.

It should be understood that since the additionally generated indication may include multiple indications, it may be divided into two parts according to the received source, one part is obtained from the data transmission network element, and the other part is obtained from the session management network element. Therefore, the terminal device may generate additional instructions from a part of the data transmission network element, and obtain another part of the additional generation instructions from the session management network element. For example, the terminal device may obtain the indication of the first derived parameter and the identity of the security algorithm from the data transmission network element, and may also obtain the indication of the second derived parameter from the session management function network element. The terminal device may obtain the indication of the first derivative parameter from the data transmission network element, and may also obtain the indication of the second derivative parameter and the identity of the security algorithm from the session management function network element. The terminal device may obtain the identification of the security algorithm from the data transmission network element, and may also obtain the indication of the second derivative parameter from the session management function network element.

208. The terminal device acquires the second security context according to the additionally generated instruction.

After acquiring the additional generation instruction, the terminal device may generate the second security context according to the additional generation instruction. It should be understood that the manner in which the terminal device generates the second security context is the same as the manner in which the data transmission network element generates the second security context. For a detailed description, reference may be made to the relevant description of step 204 .

The terminal device can acquire the security algorithm according to the additional generated instructions.

It should be noted that when an identifier indicating that the indication includes a security algorithm is additionally generated, the terminal device may determine the security algorithm according to the identifier. When the identifier indicating that the security algorithm is not included is additionally generated, the terminal device may acquire the security algorithm according to the first security algorithm in the first security context.

The terminal device may acquire the first key according to the additional generation instruction.

When the terminal device has the first security context, it can obtain the first key based on the AS root key of the first security context according to the additional generation instruction, that is, determine the first key according to the AS root key of the first security context.

In one way, the terminal device may use the AS root key of the first security context as the first key.

In another manner, the additionally generated indication includes an indication of the first derivative parameter, and the terminal device may generate the first key according to the AS root key of the first security context and the first derivative parameter. For a detailed description, reference may be made to the generation of the first key by the data transmission network element according to the AS root key of the first security context and the first derivative parameter in step 204, which will not be repeated here.

The terminal device may correspondingly preconfigure a Kn root key, and the terminal device may generate the first key based on the Kn root key according to the additional generation instruction.

In one way, the terminal device can use the Kn root key as the first key

In another manner, the additionally generated indication includes an indication of the first derivative parameter, and the terminal device may generate the first key according to the Kn root key and the first derivative parameter. For a detailed description, reference may be made to the description of the generation of the first key by the data transmission network element according to the Kn root key and the first derived parameter in step 204, which will not be repeated here.

After the session management function network element triggers the secondary authentication, the terminal device can perform the secondary authentication. The terminal device can generate a secondary authentication key during the secondary authentication process. The terminal device may receive an additional generation indication, and the additional generation indication may include an indication of the second derived parameter. The terminal device may generate the first key according to the secondary authentication key and the second derivative parameter. For a detailed description of the generation method, reference may be made to the description of the generation of the first key by the session management function network element according to the secondary authentication key and the second derivative parameter in step 203, which will not be repeated here.

After the terminal device generates the first key, it may further obtain the security key based on the first key according to the additional generation instruction. A second security context is generated based on the first key. The specific generation method may be the same as the generation method of the data transmission network element in step 204 .

The additional generation indication includes the identification of the security algorithm, and the terminal device can generate the security key according to the first key and the third derived parameter. For a detailed description, reference may be made to the description of the generation of the security key by the data transmission network element according to the first key and the third derived parameter in step 204, which will not be repeated here.

It should be understood that the second security context may be generated by the terminal device and the data transmission network element. The data transmission network element can be an access network device, a user plane functional network element, or other network elements with the same function. That is, it can be understood that a set of security contexts can be generated by two devices, wherein, when the data transmission network element has the first security context, the first security context and the second security context can both be generated by the terminal device and the data transmission network element. . When the data transmission network element does not have the first security context, the second security context can be acquired by the terminal device and the data transmission network element. At this time, the two sets of security contexts are located in different devices. Since the two sets of security contexts have different algorithms and/or keys and are located in different network elements, security isolation can be further implemented.

After receiving the session acceptance message from the session management function network element, the terminal device can determine that the establishment of the second communication service is completed according to the session acceptance message, and then can perform service transmission corresponding to the second communication service with the data network, and transmit the second communication service. The communication traffic can be protected using the second security context. It can be seen that when the public network service is attacked, the impact on the private network service can be avoided, and vice versa, so the security isolation of the public network service and the private network service can be realized, and the security of the public network service and the private network service can be improved. .

Based on the above network architecture, please refer to FIG. 3 , which is a schematic flowchart of another method for generating a security context disclosed in an embodiment of the present invention. As shown in FIG. 3 , the security context generation method may include the following steps.

301. A terminal device acquires a first security context.

The detailed description of step 301 may refer to the description of step 201, which will not be repeated here.

302. The access network device acquires a first security context.

The detailed description of step 302 may refer to the description of step 201, and details are not repeated here.

303. The terminal device sends a session request message to the session management function network element.

The detailed description of step 303 may refer to the description of step 202, and details are not repeated here.

304. The session management function network element sends an additional security context indication to the access network device.

The detailed description of step 304 may refer to the description of step 203, and details are not repeated here.

It should be understood that when the session management function network element has determined the security algorithm, the additional security context indication may also include the identification of the security algorithm.

305. The access network device acquires the second security context according to the additional security context indication.

After receiving the additional security context indication from the session management function network element, the access network device may generate a second security context according to the additional security context indication. For a detailed description of generating the second security context, reference may be made to the description of step 204 .

The access network device may obtain the security algorithm according to the additional security context indication.

In a possible implementation manner, when the additional security context indicates that the second security context is supported, the access network device may acquire the security algorithm according to the algorithm priority list. For a detailed description, reference may be made to the relevant description in step 204, which is not repeated here.

In another possible implementation manner, the additional security context indication may include an identifier of the security algorithm, and the access network device may determine the security algorithm according to the identifier. The security algorithm may already be determined in the session management function network element. For detailed description, reference may be made to the corresponding descriptions of determining the security algorithm by the session management function network element in step 203 and determining the security algorithm according to the additional security context indication in step 204, which will not be repeated here.

In another possible implementation manner, the access network device may obtain the security algorithm from the first security algorithm of the first security context according to the indication of the additional security context.

The access network device may generate the first key according to the additional security context indication.

In a possible implementation manner, the access network device may acquire the AS root key of the first security context, and use this AS root key as the first key. For a detailed description, reference may be made to the relevant description in step 204, which is not repeated here.

In another possible implementation manner, the access network device may generate the first key according to the AS root key of the first security context and the first derivative parameter. For a detailed description, reference may be made to the relevant description in step 204, which is not repeated here.

Further, the access network device may generate the security key based on the first key according to the additional security context indication.

The access network device may generate the security key according to the first key and the third derived parameter. For a detailed description of generating the security key, reference may be made to the description of generating the security key according to the first key and the third derived parameter in step 204, and details are not repeated here.

306. The session management function network element sends a session acceptance message to the terminal device.

The detailed description of step 306 may refer to the description of step 206, and details are not repeated here.

It should be understood that when the session management function network element has determined the security algorithm, the session accept message may include an additional generation indication, and the additional generation indication may include an identification of the security algorithm.

307. The access network device sends an additional generation instruction to the terminal device.

The access network device may send the additional generation instruction to the terminal device, and correspondingly, the terminal device may receive the additional generation instruction from the access network device. For the relevant detailed description, reference may be made to the description of step 205 to step 207, which will not be repeated here.

It should be noted that the additional generation indication may include one or more of the following: an explicit indication, an indication of the first derived parameter, and an identification of a security algorithm.

It should be understood that in steps 306 and 307, one of the messages includes the identification of the security algorithm.

308. The terminal device acquires the second security context according to the additionally generated instruction.

The detailed description of step 308 may refer to the description of step 305 and step 208 .

The additional generation indication may include the identification of the security algorithm. The terminal device can determine the security algorithm based on this identification. The terminal device may also acquire the security algorithm according to the first security algorithm of the first security context. For a detailed description, reference may be made to the relevant description of step 208, which is not repeated here.

The terminal device may generate the first key according to the additional generation instruction.

In a possible implementation manner, the terminal device may obtain the AS root key of the first security context, and use this AS root key as the first key. For a detailed description, reference may be made to the relevant descriptions in step 208 and step 305, which will not be repeated here.

In another possible implementation manner, when the additionally generated indication includes the first derivative parameter, the terminal device may generate the first key according to the AS root key of the first security context and the first derivative parameter. For a detailed description, reference may be made to the description of generating the first key according to the AS root key and the first derivative parameter in step 204, step 208 and step 305, and details are not repeated here.

Further, the terminal device may generate the security key based on the first key according to the additional generation instruction.

When the identification including the security algorithm is additionally generated, the terminal device may generate the security key according to the first key and the third derived parameter. The third derived parameter may be an identification of the security algorithm. For a detailed description of generating the security key, reference may be made to the description of generating the security key according to the first key and the third derived parameter in step 204, step 208 and step 305, which will not be repeated here.

So far, the terminal device can protect the user plane data by using the first security context and the second security context. The first security context and the second security context may be used to protect private network services (public network data) and public network services (private network data), respectively. When an attacker obtains one set of security contexts, the other set of security contexts will not be exposed because the two sets of security contexts are different. Therefore, the goal of protecting the public network service and the private network service separately can be achieved, and the security of the communication service can be improved.

It should be understood that the data transmission network element in this embodiment is an access network device.

Based on the above network architecture, please refer to FIG. 4 , which is a schematic flowchart of another method for generating a security context disclosed in an embodiment of the present invention. As shown in FIG. 4 , the security context generation method may include the following steps.

401. A terminal device acquires a first security context.

The detailed description of step 401 may refer to the description of step 201, which will not be repeated here.

402. The access network device acquires a first security context.

The detailed description of step 402 may refer to the description of step 201, and details are not repeated here.

403. The terminal device sends a session request message to the session management function network element.

The detailed description of step 403 may refer to the description of step 202, and details are not repeated here.

404. The terminal device performs secondary authentication.

The network element of the session management function may trigger the execution of secondary authentication between the terminal device and the authentication, authorization and charging network element according to the subscription information of the DNN and/or the terminal device carried in the session request message. The subscription information of the terminal device may be obtained by requesting the UDM. For example, when the DNN is a specific DNN, or when the subscription information of the terminal device indicates that the secondary authentication needs to be triggered, the session management function network element may trigger the execution of the secondary authentication.

The terminal device can obtain the secondary authentication key through secondary authentication. The secondary authentication can be implemented based on the extensible authentication protocol (EAP). The terminal device and the authentication, authorization and accounting network element can generate a secondary authentication key. The secondary authentication key can be a master session key (MSK) or an extended master session key (EMSK).

Among them, the secondary authentication process can refer to 3GPP TS 33.501 and RFC 3748.

After the authentication, authorization and accounting network element completes the secondary authentication, the authentication, authorization and accounting network element can send the secondary authentication key to the session management function network element. Correspondingly, the session management function network element can receive the Secondary authentication key.

405. The session management function network element generates a first key according to the secondary authentication key.

The session management function network element may first determine whether the second security context needs to be generated. For a detailed description, reference may be made to the description in step 203 that the session management function network element determines whether the terminal device needs to generate the second security context, which is not repeated here.

When the session management function network element determines that the second security context needs to be generated, the session management function network element may determine a security algorithm. For a detailed description of the process of determining the security algorithm generation process by the network element of the session management function, reference may be made to the relevant description in step 203, and details are not repeated here.

When the session management function network element determines that the second security context needs to be generated, the session management function network element may generate the first key according to the received secondary authentication key. The session management function network element may generate the first key according to the second derivative parameter and the secondary authentication key. For a detailed description of the generation process, reference may be made to the relevant description in step 203, which is not repeated here.

406. The session management function network element sends an additional security context indication to the access network device.

The detailed description of step 406 may refer to the description of step 203, and details are not repeated here.

It should be noted that the additional security context indication includes at least the first key.

407. The access network device acquires the second security context according to the additional security context indication.

After receiving the additional security context indication from the session management function network element, the access network device may acquire the second security context according to the additional security context indication. For a detailed description of generating the second security context, reference may be made to the description of step 204 .

In another possible implementation manner, the additional security context indication may include an identifier of the security algorithm, and the access network device may determine the security algorithm according to the identifier. The security algorithm may be determined by the session management function network element. For a detailed description, reference may be made to the corresponding descriptions in step 203 and step 204, and details are not repeated here.

The additional security context indication may include the first key, and the access network device may directly obtain the first key. For a detailed description, reference may be made to the relevant description in step 204, which is not repeated here.

The access network device may generate the security key according to the first key and the third derived parameter. For a detailed description of generating the security key, reference may be made to the relevant description in step 204, and details are not repeated here.

408. The session management function network element sends a session acceptance message to the terminal device.

The detailed description of step 408 can refer to the description of step 206, and details are not repeated here.

The session accept message may include an additional generation indication, which may include an indication of the second derived parameter and/or an identification of the security algorithm.

409. The access network device sends an additional generation instruction to the terminal device.

Correspondingly, the terminal device receives an additional generation indication from the session management function network element. The detailed description of step 409 can refer to the description of step 205 and step 207 .

It should be noted that the additional generated indication may include one or more of the following: an explicit indication and an identification of a security algorithm.

It should be understood that in steps 408 and 409, one of the messages includes the identification of the security algorithm.

410. The terminal device acquires the second security context according to the additionally generated indication.

The detailed description of step 410 may refer to the description of step 407 and step 208 .

The additional generation indication may include an identification of the security algorithm, from which the terminal device may determine the security algorithm. If the additionally generated indication does not include the identifier of the security algorithm, the terminal device may also acquire the security algorithm according to the first security algorithm of the first security context. For a detailed description, reference may be made to the relevant descriptions in step 407 and step 208, which will not be repeated here.

The additional generation indication may include an indication of the second derivative parameter, and the indication of the second derivative parameter may instruct the terminal device to obtain the first key according to the second derivative parameter. The terminal device may generate the first key according to the secondary authentication key and the second derived parameter. For a detailed description, reference may be made to the related descriptions in step 203, step 208 and step 407, which will not be repeated here.

When the identification including the security algorithm is additionally generated, the terminal device may generate the security key according to the first key and the third derived parameter. For the detailed description of generating the security key, reference may be made to the description of generating the security key according to the first key and the third derivative parameter in step 204, step 208 and step 407, which will not be repeated here.

So far, the terminal device can protect the user plane data by using the second security context and the first security context. The terminal device can acquire two sets of security contexts, the second security context and the first security context. When the terminal device sends data corresponding to the PDU session (for example, private network data), the terminal device can use the second security context to perform user plane security protection. When the terminal device sends data corresponding to the PDU session (for example, public network data), the terminal device can use the first security context to perform user plane security protection, thereby realizing security isolation between public network services and public network services.

Based on the above network architecture, please refer to FIG. 5 , which is a schematic flowchart of another method for generating a security context disclosed in an embodiment of the present invention. As shown in FIG. 5 , the security context generation method may include the following steps.

501. A terminal device acquires a first security context.

502. The access network device acquires a first security context.

503. The terminal device sends a session request message to the session management function network element.

504. The terminal device performs secondary authentication.

505. The session management function network element generates a first key according to the secondary authentication key.

For the detailed description of steps 501-505, reference may be made to the description of steps 401-405, which will not be repeated here.

506. The session management function network element sends an additional security context indication to the user plane function network element.

For a detailed description of step 506, reference may be made to the relevant description in step 203, and details are not repeated here.

507. The user plane function network element acquires the second security context according to the additional security context indication.

After receiving the additional security context indication from the session management function network element, the user plane function network element may generate a second security context according to the additional security context indication. For a detailed description of generating the second security context, reference may be made to the description of step 204 .

The user plane function network element can obtain the security algorithm according to the additional security context indication.

In a possible implementation manner, when the additional security context indicates that the generation of the second security context is supported, the user plane function network element may acquire the security algorithm according to the algorithm priority list. For a detailed description, reference may be made to the relevant description in step 204, which is not repeated here.

In another possible implementation manner, the additional security context indication may include the identification of the security algorithm, and the user plane function network element may determine the security algorithm according to this identification. The security algorithm can be determined by the session management function network element or by the user plane function network element. For a detailed description, reference may be made to the corresponding descriptions in step 203 and step 204, and details are not repeated here.

The user plane function network element may generate the first key according to the additional security context indication.

The additional security context indication may include the first key, and the user plane function network element may directly obtain the first key. For a detailed description, reference may be made to the relevant description in step 204, which is not repeated here.

Further, the user plane function network element may generate the security key based on the first key according to the additional security context indication.

The user plane function network element may generate the security key according to the first key and the third derived parameter. For a detailed description of generating the security key, reference may be made to the relevant description in step 204, and details are not repeated here.

508. The user plane function network element sends an additional generation instruction to the session management function network element.

The user plane function network element may send an additional generation instruction to the session management function network element, and correspondingly, the session management function network element may receive the additional generation instruction from the user plane function network element. The additional generation indication may include the identification of the security algorithm. Additional build indications may be encapsulated in the N4Session Establishment Response message.

For the detailed description of step 508, reference may be made to the relevant descriptions in step 205 and step 207, and details are not repeated here.

It should be understood that step 508 is an optional step.

509. The session management function network element sends a session acceptance message to the terminal device.

After the session management function network element receives the additional generation instruction from the user plane function network element, it can encapsulate the received additional generation instruction in a session accept message, and then can send a session accept message to the terminal device. Correspondingly, the terminal device can A session accept message is received from the session management function network element.

It should be noted that the session acceptance message may include an additional generation indication, and the additional generation indication may include one or more of the following: an indication of the second derived parameter and an identifier of a security algorithm. Wherein, the indication of the second derivative parameter may come from the session management function network element; the identification of the security algorithm may come from the user plane function network element or the session management function network element.

For the detailed description of 509, reference may be made to the relevant descriptions in steps 205-207, which will not be repeated here.

510. The terminal device acquires the second security context according to the additionally generated instruction.

The terminal device may acquire the second security context according to the additionally generated instruction. The detailed description of step 510 can refer to the description in step 507 and step 208 .

The terminal device can acquire the security algorithm according to the additional generated instructions. The additional generation indication may include the identification of the security algorithm, and the terminal device may determine the security algorithm according to the identification of the security algorithm. If the additionally generated indication does not include the identifier of the security algorithm, the terminal device may also acquire the security algorithm according to the first security algorithm of the first security context. For a detailed description, reference may be made to the related descriptions in step 508 and step 208, which will not be repeated here.

The additional generation indication may include an indication of the second derivative parameter, and the indication of the second derivative parameter may instruct the terminal device to obtain the first key according to the second derivative parameter. The terminal device may generate the first key according to the secondary authentication key and the second derived parameter. For a detailed description, reference may be made to the relevant descriptions in step 203, step 208, and step 507, and details are not repeated here.

When additionally generating the identifier including the security algorithm, the terminal device may generate the security key according to the first key and the third derived parameter. For the detailed description of generating the security key, refer to the description of generating the security key according to the first key and the third derivative parameter in step 204, step 208 and step 507, which will not be repeated here.

So far, the terminal device can protect the user plane data by using the second security context and the first security context. The terminal device can acquire two sets of security contexts, the second security context and the first security context. The terminal device may use the first security context to perform user plane security protection when sending data corresponding to the PDU session (for example, private network data), and the access network device performs deprotection. When the terminal device sends data corresponding to the PDU session (eg, public network data), the terminal device can use the second security context to perform user plane security protection, and the user plane functional network element performs deprotection. Therefore, one set of security contexts is on the access network equipment, and the other set of security contexts is on the user plane functional network elements. The two sets of security contexts have different algorithms and keys, and are located in different entities, so it can be realized. Safe isolation. In addition, the second security context may be generated by a key generated after the terminal device and the authentication, authorization and accounting network element perform secondary authentication. The first security context may be generated by a key generated after the terminal device and the unified data management network element (located on the public network) perform the first authentication. In this way, even if the key of the unified data management network element is obtained by the attacker, since the attacker does not obtain the key of the authentication, authorization and accounting network element, the attacker cannot obtain the first key of the second security context. achieve isolation. In addition, it is assumed that the user plane function network elements, session management function network elements, and authentication, authorization and accounting network elements are maintained by the private network, while the access network equipment, access and mobility management function network elements, etc. are maintained by the public network. Also, the first security context cannot be obtained, so that the problem of mutual distrust between the private network and the public network can be solved.

It should be understood that the data transmission network element in this embodiment is a user plane functional network element.

Based on the above network architecture, please refer to FIG. 6 , which is a schematic flowchart of another method for generating a security context disclosed in an embodiment of the present invention. As shown in FIG. 6 , the security context generation method may include the following steps.

601. A terminal device acquires a first security context.

The detailed description of step 601 may refer to the description of step 201, which will not be repeated here.

602. The user plane function network element preconfigures the corresponding relationship between the identifier of the terminal device and the Kn root key.

The user plane function network element may preconfigure the correspondence between the identifier of the terminal device and the Kn root key. The identifier of the terminal device may be a generic public subscription identifier (GPSI) or an internet protocol (IP) address. That is, the identification of the terminal device itself is known, and the user plane function network element may determine the first key according to the corresponding relationship between the identification of the terminal device and the Kn root key. For example, the user plane function network element may preconfigure a mapping relationship table between the identifier of the terminal device and the Kn root key, where one identifier may correspond to one Kn root key. It should be understood that the above example is an example for the user plane function network element that can preconfigure the corresponding relationship between the identifier of the terminal device and the Kn root key, and does not constitute a limitation.

After the user plane function network element preconfigures the corresponding relationship between the identifier of the terminal device and the Kn root key, the Kn root key can be delivered to the corresponding terminal device.

For the detailed description of step 602, reference may be made to the description of step 205, which will not be repeated here.

603. The terminal device preconfigures the Kn root key.

604. The terminal device sends a session request message to the session management function network element.

The detailed description of step 604 may refer to the description of step 202, and details are not repeated here.

It should be noted that the session request message may include the identifier of the terminal device.

605. The session management function network element determines the corresponding user plane function network element.

The session management function network element may first determine whether the second security context needs to be generated. For a detailed description, reference may be made to the description of step 203, which will not be repeated here.

The session management function network element may determine the user plane function network element. Optionally, the user plane function network element has a corresponding relationship between the identifier of the terminal device and the Kn root key.

In a possible implementation manner, there is one user plane function network element corresponding to the DNN of the session request message, and it can be determined that this user plane function network element is the network element that generates the corresponding second security context.

In another possible implementation manner, there are multiple user plane function network elements corresponding to the DNN in the session request message. The session management function network element may determine the user plane function network element by pre-configuring the corresponding relationship between the identifier of the terminal device and the user plane function network element. Optionally, the session management function network element can also obtain the context of the corresponding terminal device according to the session request message, and then determine the identity of the terminal device according to the context of the terminal device. The corresponding relationship determines the user plane function network element. It should be understood that the identity of the terminal device may be carried in the SM message, or may be stored in the context of the session management function network element.

606. The session management function network element sends an additional security context indication to the user plane function network element.

The detailed description of step 606 may refer to the description of step 203, which will not be repeated here.

It should be noted that the additional security context indication may include the identifier of the terminal device.

607. The user plane function network element acquires the second security context according to the additional security context indication.

After receiving the additional security context indication from the session management function network element, the user plane function network element may generate a second security context according to the additional security context indication. For a detailed description, please refer to the description of step 204 .

The user plane function network element can obtain the security algorithm according to the additional security context indication. For a detailed description, reference may be made to the description in step 204, which is not repeated here.

In a possible implementation manner, the user plane function network element may first determine the Kn root key according to the received identifier of the terminal device and the corresponding relationship between the terminal device and the Kn root key. The user plane function network element may use the Kn root key as the first key.

In another possible implementation manner, after the user plane function network element determines the root Kn key, it can generate the first key according to the Kn root key and the first derivative parameter. For the description of the specific generation method, please refer to the relevant description in step 204 , will not be repeated here.

The user plane function network element may generate the security key according to the first key and the third derived parameter. For a detailed description of generating the security key, reference may be made to the description of generating the security key according to the first key and the third derived parameter in step 204, and details are not repeated here.

608. The user plane function network element sends an additional generation instruction to the session management function network element.

The user plane function network element may send an additional generation instruction to the session management function network element, and correspondingly, the session management function network element may receive the additional generation instruction from the user plane function network element.

The detailed description of step 608 may refer to the description of step 205 and step 207, and details are not repeated here.

609. The session management function network element sends a session acceptance message to the terminal device.

It should be noted that the session accept message may include an additional generation indication, and the additional generation indication may include one or more of the following: an indication of the first derived parameter, an indication of the second derived parameter, and an identification of a security algorithm. The indication of the first derivative parameter may come from the user plane functional network element; the indication of the second derivative parameter may come from the session management functional network element; the identification of the security algorithm may come from the user plane functional network element or the session management functional network element .

The detailed description of step 609 may refer to the description of steps 205-207, which will not be repeated here.

610. The terminal device generates a second security context according to the additional generation instruction.

The terminal device may acquire the second security context according to the additionally generated instruction. The detailed description of step 610 can refer to the description in step 607 and step 208 .

The terminal device can acquire the security algorithm according to the additional generated instructions. The additional generation indication may include the identification of the security algorithm, and the terminal device may determine the security algorithm according to the identification of the security algorithm. For a detailed description, reference may be made to the relevant descriptions in step 607 and step 208, which will not be repeated here.

The terminal device may generate the first key according to the additional generation instruction. For a detailed description, reference may be made to the relevant descriptions in step 607 and step 208, which will not be repeated here.

The terminal device may use the preconfigured Kn root key as the first key. For a detailed description, reference may be made to the relevant descriptions in step 607 and step 208, which will not be repeated here.

The additional generation indication may include an indication of the first derivative parameter, and the terminal device may generate the first key according to the Kn root key and the first derivative parameter.

When additionally generating the identifier including the security algorithm, the terminal device may generate the security key according to the first key and the third derived parameter. For a detailed description of generating the security key, reference may be made to the description of generating the security key according to the first key and the third derivative parameter in step 204, step 208 and step 607, which will not be repeated here.

It should be noted that, when the terminal device can generate the first key when generating the second security context, the first key can be determined according to the Kn root key and the first derivative parameter configured by the terminal device at this time.

So far, the terminal device can protect the user plane data by using the second security context and the first security context. Wherein, the second security context is generated by the Kn root key preconfigured on the terminal device and the user plane functional network element, and in the method embodiment corresponding to FIG. 5 , the first security context is generated by the terminal device and the unified data management network Element (located on the public network) is generated by the key generated after the first authentication is performed. In this way, even if the key of the unified data management network element is obtained by the attacker, since the attacker does not obtain the key of the user plane function network element, the attacker cannot obtain the key of the second security context, thereby further realizing security isolation. In addition, compared with the method embodiment corresponding to FIG. 5 , this embodiment can not only implement the above-mentioned functions, but also further reduce the cost of the private network device.

It should be understood that the functions performed by the terminal device in the above security context generation method may also be performed by a module (for example, a chip) in the terminal device, and the functions performed by the session management function network element may also be performed by the session management function network element. modules (for example, chips), the functions performed by the data transmission network elements may also be performed by modules (for example, chips) in the data transmission network elements, and the functions performed by the user plane function network elements may also be performed by the user plane functions. A module (eg, a chip) in a network element is performed, and functions performed by an access network device may also be performed by a module (eg, a chip) in the access network device.

Based on the above network architecture, please refer to FIG. 7 , which is a schematic structural diagram of an apparatus for generating a security context disclosed in an embodiment of the present application. As shown in FIG. 7 , the apparatus may include an obtaining unit 701, a sending unit 702 and a receiving unit 703, wherein:

an obtaining unit 701, configured to obtain a first security context, where the first security context is used to protect a first communication service of the terminal device;

A sending unit 702, configured to send a session request message to a session management function network element, where the session request message is used to request the establishment of a session of a second communication service, where the second communication service is different from the first communication service;

a receiving unit 703, configured to receive a session acceptance message from the session management function network element, where the session acceptance message is used to complete the establishment of the session of the second communication service;

an obtaining unit 701, further configured to obtain additional generation instructions;

The obtaining unit 701 is further configured to obtain a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service.

As a possible implementation manner, the obtaining unit 701 obtains a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service including:

As a possible implementation manner, the obtaining unit 701 obtains the security key based on the first key according to the additional generation instruction, including:

The security key is generated from the first key.

As a possible implementation manner, the additional generation instruction includes an indication of a first derivative parameter, and the obtaining unit 701 obtains the first derived parameter based on the AS root key of the first security context according to the additional generation instruction Keys include:

As a possible implementation manner, the device may further include:

an execution unit 704, configured to perform secondary authentication;

a generating unit 705, configured to generate a secondary authentication key during the execution of the secondary authentication process;

The obtaining unit 701 obtaining the security key based on the first key according to the additional generation instruction includes:

A security key is generated from the first key.

As a possible implementation manner, the additional generation instruction includes an indication of a second derivative parameter, and according to the additional generation instruction, the obtaining unit 701 obtains the first key based on the secondary authentication key, including:

As a possible implementation manner, the obtaining unit 701 generating a security key according to the first key includes:

As a possible implementation manner, the additional generation instruction includes the identifier of the security algorithm, and the acquiring unit 701 generates the security key according to the first key and the third derived parameter, including:

More detailed descriptions of the above obtaining unit 701 , sending unit 702 , receiving unit 703 , executing unit 704 and generating unit 705 can be obtained directly by referring to the relevant descriptions of the terminal devices in the method embodiments shown in FIG. 2 to FIG. 6 , here Without further ado.

Based on the above network architecture, please refer to FIG. 8 , which is a schematic structural diagram of another security context generating apparatus disclosed in an embodiment of the present application. As shown in Figure 8, the apparatus may include:

a receiving unit 801, configured to receive a session request message from a terminal device, where the session request message is used to request the establishment of a session of the second communication service;

A sending unit 802, configured to send an additional security context indication to a data transmission network element, where the additional security context indication is used to instruct to generate a second security context, and the second security context is used to protect the second communication service;

The sending unit 802 is further configured to send a session acceptance message to the terminal device, where the session acceptance message is used to complete the establishment of the session of the second communication service.

As a possible implementation manner, the session request message includes first indication information, where the first indication information is used to instruct the terminal device to support generating the second security context, and the sending unit 802 sends to the data transmission network element Additional security context indications include:

As a possible implementation manner, the sending unit 802 sending the additional security context indication to the data transmission network element includes:

As a possible implementation manner, the additional security context indication includes an identifier of a security algorithm, and the apparatus may further include an obtaining unit 803, wherein:

The obtaining unit 803 is configured to obtain the security algorithm.

a triggering unit 804 for triggering secondary authentication;

The receiving unit 801 is further configured to receive the secondary authentication key from the authentication, authorization and accounting network element after the secondary authentication is successful;

The obtaining unit 803 is further configured to obtain the first key according to the secondary authentication key.

As a possible implementation manner, the obtaining unit 803 obtaining the first key according to the secondary authentication key includes:

The first key is obtained according to the secondary authentication key and the second derived parameter.

More detailed descriptions of the above receiving unit 801, sending unit 802, obtaining unit 803, and triggering unit 804 can be obtained directly by referring to the relevant descriptions of the network elements of session management function in the method embodiments shown in FIG. 2 to FIG. Add elaboration.

Based on the above network architecture, please refer to FIG. 9 , which is a schematic structural diagram of another security context generating apparatus disclosed in an embodiment of the present application. As shown in Figure 9, the apparatus may include:

a receiving unit 901, configured to receive an additional security context indication from a session management function network element;

an obtaining unit 902, configured to obtain a second security context according to the additional security context indication, where the second security context is used to protect the second communication service;

The sending unit 903 is configured to send an additional generation instruction to the terminal device, where the additional generation instruction is used to instruct to generate the second security context.

As a possible implementation manner, the obtaining unit 902 is specifically configured to:

As a possible implementation manner, the acquiring unit 902 is further configured to acquire a first security context before receiving the additional security context indication from the session management function network element, where the first security context is used to protect the first communication service , the first communication service is different from the second communication service.

As a possible implementation manner, the obtaining unit 902 generates the security key based on the first key according to the additional security context indication, including:

The security key is generated from the first key.

As a possible implementation manner, the additional generation indication includes an indication of a first derivative parameter, and the obtaining unit 902 obtains the first derivative parameter based on the AS root key of the first security context according to the additional security context indication. A key includes:

As a possible implementation manner, the additional security context indication includes the first key, and according to the additional security context indication, the obtaining unit 902 obtains the security key based on the first key including:

The security key is generated from the first key.

As a possible implementation manner, the obtaining unit 902 generating the security key according to the first key includes:

As a possible implementation manner, the additional security context indication includes an identifier of a security algorithm, and the obtaining unit 902 generates the security key according to the first key and the third derived parameter, including:

As a possible implementation manner, the obtaining unit 902 obtains the security algorithm according to the additional security context indication, including:

More detailed descriptions of the above receiving unit 901 , acquiring unit 902 and sending unit 903 can be obtained directly by referring to the relevant descriptions of the data transmission network elements in the method embodiments shown in FIG. 2 to FIG. 6 , which will not be repeated here.

Based on the above network architecture, please refer to FIG. 10 . FIG. 10 is a schematic structural diagram of another security context generating apparatus disclosed in an embodiment of the present application. As shown in FIG. 10 , the security context generating device may include a processor 1001 , a memory 1002 , an input interface 1003 , an output interface 1004 and a bus 1005 . The memory 1002 may exist independently, and may be connected to the processor 1001 through the bus 1005 . The memory 1002 may also be integrated with the processor 1001 . Among them, the bus 1005 is used to realize the connection between these components.

In one embodiment, the security context generating apparatus may be a terminal device or a module (eg, a chip) in the terminal device. When the computer program instructions stored in the memory 1002 are executed, the processor 1001 is configured to control the sending unit 702 and The receiving unit 703 performs the operations performed in the foregoing embodiments, the processor 1001 is further configured to perform the operations performed by the acquiring unit 701, the executing unit 704, and the generating unit 705 performed in the foregoing embodiments, and the input interface 1003 is configured to perform the receiving operations performed in the foregoing embodiments. The operation performed by the unit 703, and the output interface 1004 is used to perform the operation performed by the sending unit 702 in the foregoing embodiment. The above-mentioned terminal device or modules in the terminal device may also be used to execute various methods performed by the terminal device in the above-mentioned method embodiments of FIG. 2 to FIG.

In one embodiment, the security context generating apparatus may be a session management function network element or a module (eg, a chip) in the session management function network element. When the computer program instructions stored in the memory 1002 are executed, the processor 1001 uses the For controlling the receiving unit 801 and the sending unit 803 to perform the operations performed in the above embodiments, the processor 1001 is further configured to perform the operations performed by the acquiring unit 803 and the triggering unit 804 in the above embodiments, and the input interface 1003 is used to perform the above embodiments. The operation performed by the receiving unit 801 in the above-mentioned embodiment, and the output interface 1004 is used to perform the operation performed by the sending unit 802 in the above-mentioned embodiment. The above session management function network element or modules in the session management function network element can also be used to execute various methods performed by the session management function network element in the above method embodiments of FIG. 2 to FIG.

In one embodiment, the security context generating apparatus may be a data transmission network element or a module (eg, a chip) in the data transmission network element. When the computer program instructions stored in the memory 1002 are executed, the processor 1001 is used to control the The receiving unit 901 and the sending unit 903 perform the operations performed in the foregoing embodiments, the processor 1001 is further configured to perform the operations performed by the acquiring unit 902 in the foregoing embodiments, and the input interface 1003 is configured to perform the operations performed by the receiving unit 901 in the foregoing embodiments. Operation, the output interface 1004 is used to perform the operation performed by the sending unit 903 in the above-mentioned embodiment. The foregoing data transmission network element or modules within the data transmission network element may also be used to execute various methods performed by the data transmission network element in the foregoing method embodiments of FIG. 2 to FIG. 6 , which will not be repeated.

Based on the above network architecture, please refer to FIG. 11 . FIG. 11 is a schematic structural diagram of another security context generating apparatus disclosed in an embodiment of the present application. As shown in FIG. 11 , the security context generating apparatus may include an input interface 1101 , a logic circuit 1102 and an output interface 1103 . The input interface 1101 and the output interface 1103 are connected through the logic circuit 1102 . The input interface 1101 is used for receiving information from other devices, and the output interface 1103 is used for outputting, scheduling or sending information to other devices. The logic circuit 1102 is configured to perform operations other than the operations of the input interface 1101 and the output interface 1103, for example, to implement the functions implemented by the processor 1001 in the above-mentioned embodiment. The security context generating apparatus may be a terminal device or a module of the terminal device, a session management function network element or a module of a session management function network element, or a data transmission network element or a module of the data transmission network element. The more detailed description of the input interface 1101, the logic circuit 1102 and the output interface 1103 can be obtained directly by referring to the relevant descriptions of the terminal device, the session management function network element and the data transmission network element in the above method embodiments, and will not be repeated here.

The embodiments of the present application further disclose a computer-readable storage medium, on which instructions are stored, and when the instructions are executed, the methods in the foregoing method embodiments are executed.

The embodiment of the present application further discloses a computer program product including an instruction, when the instruction is executed, the method in the foregoing method embodiment is executed.

The embodiment of the present application also discloses a communication system, which includes a terminal device, a session management function network element, and a data transmission network element. For a specific description, reference may be made to the security context generation method shown in FIG. 2 to FIG. 6 .

The specific embodiments described above further describe the purpose, technical solutions and beneficial effects of the present application in detail. It should be understood that the above descriptions are only specific embodiments of the present application, and are not intended to limit the The protection scope, any modifications, equivalent replacements, improvements, etc. made on the basis of the technical solutions of the present application shall be included within the protection scope of the present application.

Claims

A method for generating a security context, comprising:

The terminal device acquires a first security context, where the first security context is used to protect the first communication service of the terminal device;

sending, by the terminal device, a session request message to the session management function network element, where the session request message is used to request the establishment of a session of a second communication service, where the second communication service is different from the first communication service;

receiving, by the terminal device, a session acceptance message from the session management function network element, where the session acceptance message is used to complete the establishment of the session for the second communication service;

the terminal device obtains an additional generation instruction;

The terminal device acquires a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service.
The method according to claim 1, wherein the session request message includes first indication information, and the first indication information is used to instruct the terminal device to support generating the second security context.
The method according to claim 1 or 2, wherein the terminal device obtains the second security context according to the additional generation indication, comprising:

The terminal device obtains the security key based on the first key according to the additional generation instruction; and/or

The terminal device acquires a security algorithm according to the additional generation instruction.
The method according to claim 3, wherein the terminal device obtains the security key based on the first key according to the additional generation instruction, comprising:

The terminal device obtains the first key based on the access stratum AS root key of the first security context according to the additional generation instruction;

The terminal device generates the security key according to the first key.
The method according to claim 4, wherein the additional generation instruction includes an indication of a first derivative parameter, and the terminal device obtains the AS root key based on the first security context according to the additional generation instruction The first key includes:

The terminal device generates the first key according to the AS root key of the first security context and the first derived parameter.
The method according to claim 5, wherein the first derivative parameter is a downlink packet data convergence protocol PDCP COUNT, and the indication of the first derivative parameter is part of the bits of the downlink PDCP COUNT.
The method according to claim 3, wherein after the terminal device sends the session request message to the session management function network element, and before the terminal device receives the additional generation indication, the method further comprises: include:

the terminal device performs secondary authentication;

The terminal device generates a secondary authentication key during the execution of the secondary authentication process;

The terminal device obtains the security key based on the first key according to the additional generation instruction, including:

The terminal device obtains the first key based on the secondary authentication key according to the additional generation instruction;

The terminal device generates a security key according to the first key.
The method according to claim 7, wherein the additional generation instruction includes an indication of a second derived parameter, and the terminal device obtains the first derived parameter based on the secondary authentication key according to the additional generation instruction keys, including:

The terminal device generates the first key based on the secondary authentication key and the second derivative parameter according to the indication of the second derivative parameter.
The method according to claim 8, wherein the second derived parameter is one or more of the following parameters: downlink non-access stratum NAS COUNT, protocol data unit session identity PDU session ID, network slice selection Support information NSSAI and data network name DNN.
The method according to any one of claims 4-9, wherein the terminal device generates the security key according to the first key, comprising:

The terminal device generates the security key according to the first key and the third derived parameter.
The method according to claim 10, wherein the additional generation indication includes an identifier of the security algorithm, and the terminal device generates the security key according to the first key and a third derived parameter, comprising: :

The terminal device generates the security key according to the first key and the identity and type of the security algorithm.
3. The method of claim 3, wherein the additional generation indication includes an identification of the security algorithm.
The method according to any one of claims 1-12, wherein when the first communication service is a public network service, the second communication service is a private network service; when the first communication service is a private network service In the case of a private network service, the second communication service is a public network service.
An apparatus for generating a security context, characterized in that the apparatus is a terminal device, and the apparatus includes:

an acquiring unit, configured to acquire a first security context, where the first security context is used to protect the first communication service of the terminal device;

a sending unit, configured to send a session request message to the session management function network element, where the session request message is used to request the establishment of a session of a second communication service, where the second communication service is different from the first communication service;

a receiving unit, configured to receive a session acceptance message from the session management function network element, where the session acceptance message is used to complete the establishment of the session of the second communication service;

The obtaining unit is also used to obtain additional generation instructions;

The obtaining unit is further configured to obtain a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service.
The apparatus according to claim 14, wherein the session request message includes first indication information, and the first indication information is used to instruct the terminal device to support generating the second security context.
The apparatus according to claim 14 or 15, wherein the acquiring unit acquires a second security context according to the additional generation instruction, where the second security context is used to protect the second communication service comprising:

obtaining a security key based on the first key according to the additional generation indication; and/or

A security algorithm is obtained according to the additional generation indication.
The apparatus according to claim 16, wherein the obtaining unit, according to the additional generation instruction, obtains the security key based on the first key, comprising:

obtaining the first key based on the AS root key of the first security context according to the additional generation instruction;

The security key is generated from the first key.
The apparatus according to claim 17, wherein the additional generation indication includes an indication of a first derivative parameter, and the obtaining unit obtains the AS root key based on the first security context according to the additional generation indication The first key includes:

The first key is generated according to the AS root key of the first security context and the first derived parameter.
The apparatus according to claim 18, wherein the first derivative parameter is a downlink packet data convergence protocol PDCP COUNT, and the indication of the first derivative parameter is part of the bits of the downlink PDCP COUNT.
The apparatus of claim 16, wherein the apparatus further comprises:

an execution unit for performing secondary authentication;

a generating unit, configured to generate a secondary authentication key during the execution of the secondary authentication process;

The obtaining unit obtaining the security key based on the first key according to the additional generation instruction includes:

obtaining the first key based on the secondary authentication key according to the additional generation instruction;

A security key is generated from the first key.
The apparatus according to claim 20, wherein the additional generation instruction includes an indication of a second derivative parameter, and the obtaining unit obtains the first derived parameter based on the secondary authentication key according to the additional generation instruction Keys include:

The first key is generated based on the secondary authentication key and the second derivative parameter according to the indication of the second derivative parameter.
The apparatus according to claim 21, wherein the second derived parameter is one or more of the following parameters: downlink non-access stratum NAS COUNT, protocol data unit session identity PDU session ID, network slice selection Support information NSSAI and data network name DNN.
The device according to any one of claims 17-22, wherein the obtaining unit generating a security key according to the first key comprises:

The security key is generated based on the first key and the third derived parameter.
The apparatus according to claim 23, wherein the additional generation instruction includes an identifier of the security algorithm, and the generation unit generating the security key according to the first key and a third derivative parameter comprises:

The security key is generated based on the first key and the identity and type of the security algorithm.
17. The apparatus of claim 16, wherein the additional generation indication includes an identification of the security algorithm.
The apparatus according to any one of claims 16-25, wherein when the first communication service is a public network service, the second communication service is a private network service; when the first communication service is a private network service In the case of a private network service, the second communication service is a public network service.
A security context generating device, characterized in that it comprises a processor, a memory, an input interface and an output interface, wherein the input interface is used to receive information from other security context generating devices other than the security context generating device, the The output interface is used for outputting information to other security context generating devices other than the security context generating device, and the processor invokes the computer program stored in the memory to implement the method according to any one of claims 1-13.
A computer-readable storage medium, characterized in that, a computer program or computer instruction is stored in the computer-readable storage medium, and when the computer program or computer instruction is executed, any one of claims 1-13 is implemented. the method described.
A chip, characterized in that it includes a processor for executing a program stored in a memory, and when the program is executed, causes the chip to execute the method according to any one of claims 1-13.